Description

SQL injection vulnerability in the Manage Albums feature in zp-core/admin-albumsort.php in ZENphoto 1.4.2 allows remote authenticated users to execute arbitrary SQL commands via the sortableList parameter.

Remediation

References

CVE-2012-0994

Related Vulnerabilities

PostgreSQL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-15098)

WordPress Plugin Mailster-Email Newsletter for WordPress Local File Inclusion (4.0.6)

Atlassian Confluence CVE-2023-22505 Vulnerability (CVE-2023-22505)

Apache HTTP Server Session Fixation Vulnerability (CVE-2001-1534)

Joomla! Core 3.9.x CSV Injection (3.9.0 - 3.9.6)

Severity

Medium

Classification

CVE-2012-0994 CWE-138

Tags

Missing Update Known Vulnerabilities