Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo

CMS

Zenphoto

Zenphoto is a CMS for selfhosted gallery focused websites. Our focus lies on being easy to use and having all the features there when you need them. Zenphoto features support for various media formats and integrated blog and custom pages. Zenphoto is the ideal CMS for personal websites of illustrators artists designers photographers film makers and musicians.

Official Site:

http://www.zenphoto.org

Severity Summary:

High: 8 Medium: 23
Reference
Title
Severity
CVE-2020-5593
Zenphoto Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) Vulnerability
High
CVE-2018-0610
Zenphoto Improper Privilege Management Vulnerability
High
CVE-2020-36079
Zenphoto Unrestricted Upload of File with Dangerous Type Vulnerability
High
CVE-2007-0616
Zenphoto Other Vulnerability
High
CVE-2007-6666
Zenphoto Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
High
CVE-2015-5591
Zenphoto Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
High
CVE-2009-4566
Zenphoto Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
High
CVE-2010-4906
Zenphoto Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
High
CVE-2012-0993
Zenphoto Improper Control of Generation of Code (Code Injection) Vulnerability
Medium
CVE-2006-2187
Zenphoto Other Vulnerability
Medium
CVE-2006-2186
Zenphoto Other Vulnerability
Medium
CVE-2008-6925
Zenphoto Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2009-4562
Zenphoto Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2009-4563
Zenphoto Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2009-4564
Zenphoto Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Medium
CVE-2010-4907
Zenphoto Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2012-2641
Zenphoto Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2012-0994
Zenphoto Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Medium
CVE-2012-0995
Zenphoto Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2020-5592
Zenphoto Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2013-7241
Zenphoto Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2013-7242
Zenphoto Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Medium
CVE-2015-2948
Zenphoto Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2015-2949
Zenphoto Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2015-5594
Zenphoto Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2015-5592
Zenphoto Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2015-5593
Zenphoto Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2015-5595
Zenphoto Cross-Site Request Forgery (CSRF) Vulnerability
Medium
CVE-2012-4519
Zenphoto Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2018-20140
Zenphoto Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium