📦 Zenphoto

Zenphoto CMS versions through 1.5.7 allow authenticated administrators to upload arbitrary files, including PHP web shells, leading to remote code execution. This affects all Zenphoto installations wi...

CVE-2020-5593 is a PHP code injection vulnerability in Zenphoto CMS that allows attackers to execute arbitrary code by tricking users into uploading malicious .zip files. This affects all Zenphoto ins...

Zenphoto 1.6 contains a stored cross-site scripting vulnerability where authenticated attackers can inject malicious HTML/JavaScript into album descriptions. When users view affected album pages, the ...

Zenphoto 1.6 contains a stored cross-site scripting vulnerability in the user postal code field. When administrators view user information, malicious JavaScript injected into postal code fields execut...