Description

SQL injection vulnerability in index.php in Zenphoto 1.2.5, when the ZenPage plugin is enabled, allows remote attackers to execute arbitrary SQL commands via the category parameter, related to a URI under news/category/.

Remediation

References

CVE-2009-4564

Related Vulnerabilities

WordPress Plugin BePro Listings Arbitrary File Upload (2.2.0020)

WordPress Plugin Pinterest 'Pin It' Button Cross-Site Scripting (2.0.8)

WordPress Plugin Download Manager Cross-Site Scripting (3.2.42)

WordPress Plugin Online Hotel Booking System Pro Cross-Site Scripting (1.1)

WordPress Plugin Filedownload 'download.php' Local File Disclosure (0.1)

Severity

Medium

Classification

CVE-2009-4564 CWE-138

Tags

Missing Update Known Vulnerabilities