Zenphoto 1.4.10 Multiple security vulnerabilities
- Date Published:2015-12-23
- Last Updated:2015-12-23
- Version Affected: Zenphoto 1.4.10
Zen Photos pluginDoc.php PHP file is vulnerable to local file inclusion that allows attackers to read arbitrary server files outside of the current web directory by injecting "../" directory traversal characters, which can lead to sensitive information disclosure, code execution or DOS on the victims web server.
Multiple XSS entry points exist allowing arbitrary client side JS code execution on victims who click our infected linx. Session ID and data theft may follow as well as possibility to bypass CSRF protections, injection of iframes to establish communication.
1. Please notice Zenphoto company ：http://www.zenphoto.org/
2. If you have purchased NGAF appliance, update WAF signature database to above version 20151218 .