#VU44254 Code Injection in Zenphoto - CVE-2012-0993

Cybersecurity Help s.r.o.

Published: 2012-02-21 | Updated: 2020-08-11

Vulnerability identifier: #VU44254

Vulnerability risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2012-0993

CWE-ID: CWE-94

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Zenphoto
Web applications / CMS

Vendor: Zenphoto

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Eval injection vulnerability in zp-core/zp-extensions/viewer_size_image.php in ZENphoto 1.4.2, when the viewer_size_image plugin is enabled, allows remote attackers to execute arbitrary PHP code via the viewer_size_image_saved cookie.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Zenphoto: 1.4.2

External links
https://archives.neohapsis.com/archives/bugtraq/2012-02/0037.html
https://secunia.com/advisories/47875
https://www.securityfocus.com/bid/51916
https://www.zenphoto.org/news/zenphoto-1.4.2.1
https://www.zenphoto.org/trac/changeset/8994
https://www.zenphoto.org/trac/changeset/8995
https://exchange.xforce.ibmcloud.com/vulnerabilities/73081
https://www.htbridge.ch/advisory/HTB23070

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Zenphoto