Lucene search

[email protected]CVE-2012-0993

HistoryFeb 21, 2012 - 1:31 p.m.

CVE-2012-0993

2012-02-2113:31:45

CWE-94

[email protected]

web.nvd.nist.gov

cve-2012-0993

eval injection

zenphoto 1.4.2

security vulnerability

remote code execution

nvd

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.8 High

AI Score

Confidence

Low

0.016 Low

EPSS

Percentile

87.7%

JSON

Eval injection vulnerability in zp-core/zp-extensions/viewer_size_image.php in ZENphoto 1.4.2, when the viewer_size_image plugin is enabled, allows remote attackers to execute arbitrary PHP code via the viewer_size_image_saved cookie.

Affected configurations

NVD

Node

zenphotozenphotoMatch1.4.2

CPENameOperatorVersion
zenphoto:zenphotozenphotoeq1.4.2

CPE	Name	Operator	Version
zenphoto:zenphoto	zenphoto	eq	1.4.2

References

archives.neohapsis.com/archives/bugtraq/2012-02/0037.html

secunia.com/advisories/47875

www.securityfocus.com/bid/51916

www.zenphoto.org/news/zenphoto-1.4.2.1

www.zenphoto.org/trac/changeset/8994

www.zenphoto.org/trac/changeset/8995

exchange.xforce.ibmcloud.com/vulnerabilities/73081

www.htbridge.ch/advisory/HTB23070

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.8 High

AI Score

Confidence

Low

0.016 Low

EPSS

Percentile

87.7%

JSON

Related for CVE-2012-0993

dsquare1 nessus2 cvelist1 prion1 nvd1 packetstorm1 openvas2 htbridge1 securityvulns2