CVE-2009-4564

Zenphoto 1.2.5 - SQL Injection

Title source: llm

Description

SQL injection vulnerability in index.php in Zenphoto 1.2.5, when the ZenPage plugin is enabled, allows remote attackers to execute arbitrary SQL commands via the category parameter, related to a URI under news/category/.

Exploits (1)

exploitdb WORKING POC VERIFIED

by petros · javascriptwebappsphp

https://www.exploit-db.com/exploits/9154

View Code ZIP pw:eip

References (1)

[Exploit, Third Party Advisory] http://www.exploit-db.com/exploits/9154

Scores

EPSS 0.0023

EPSS Percentile 46.1%

Details

CWE

CWE-89

Status published

Products (1)

zenphoto/zenphoto 1.2.5

Published Jan 04, 2010

Tracked Since Feb 18, 2026