Description

SQL injection vulnerability in zp-core/full-image.php in Zenphoto 1.3 and 1.3.1.2 allows remote attackers to execute arbitrary SQL commands via the a parameter. NOTE: some of these details are obtained from third party information.

Remediation

References

CVE-2010-4906

Related Vulnerabilities

WordPress Plugin WP with Spritz Local/Remote File Inclusion (1.0)

WordPress Plugin Super Interactive Maps for WordPress Arbitrary File Upload (1.9)

WordPress Plugin Broken Link Manager Cross-Site Scripting (0.5.5)

WordPress Plugin wpForo Forum Cross-Site Scripting (2.1.8)

PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2007-3294)

Severity

High

Classification

CVE-2010-4906 CWE-138

Tags

Missing Update Known Vulnerabilities