Detections
Analytics
Zenphoto < 1.4.2.1 Multiple Vulnerabilities
medium Nessus Plugin ID 58454
Language:
Synopsis
The remote web server contains a PHP application that is affected by multiple vulnerabilities.Description
The remote host contains a version of Zenphoto earlier than 1.4.2.1 that is affected by multiple vulnerabilities :- An input validation error in the file 'zp-core/zp-extensions/viewer_size_image.php' can allow arbitrary PHP code to be injected via the value of the cookie 'viewer_size_image_saved cookie'. Note that the plugin 'viewer_size_image' must be enabled for this vulnerability to be exploited. (CVE-2012-0993)
- An input validation error in the file 'zp-core/admin-albumsort.php' can allow SQL injection attacks via the 'sortableList' parameter.
(CVE-2012-0994)
- Multiple cross-site scripting vulnerabilities exist in the following (CVE-2012-0995) :
- 'zp-core/admin.php' via the 'msg' parameter
- 'zp-core/admin.php' and undefined urls by appending malicious code to the end of the url
- 'zp-core/admin-edit.php' via the 'album' parameter
Solution
Upgrade to Zenphoto version 1.4.2.1 or later.See Also
https://www.htbridge.com/advisory/HTB23070
https://www.zenphoto.org/news/zenphoto-1.4.2.1
Plugin Details
Severity: Medium
ID: 58454
File Name: zenphoto_1_4_2_1.nasl
Version: 1.10
Type: remote
Family: CGI abuses
Published: 3/23/2012
Updated: 4/11/2022
Configuration: Enable paranoid mode, Enable thorough checks
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: High
Score: 7.4
CVSS v2
Risk Factor: Medium
Base Score: 6.8
Temporal Score: 5
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P
Vulnerability Information
CPE: cpe:/a:zenphoto:zenphoto
Required KB Items: www/zenphoto, Settings/ParanoidReport
Excluded KB Items: Settings/disable_cgi_scanning
Exploit Ease: No exploit is required
Patch Publication Date: 2/8/2012
Vulnerability Publication Date: 1/19/2012
Exploitable With
Elliot (Zenphoto 1.4.2 RCE)
Reference Information
CVE: CVE-2012-0993, CVE-2012-0994, CVE-2012-0995
BID: 51916