CVE-2009-4564

Zenphoto 1.2.5 - SQL Injection via Category Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-4564. PoCs published by petros.

AI-analyzed exploit summary: This JavaScript exploit demonstrates a blind SQL injection vulnerability in ZenPhoto 1.2.5 via the 'category' parameter in the ZenPage news module. It extracts admin credentials (username and password hash) using time-based techniques and includes functionality to emulate admin login by setting a forged authentication cookie.

Description

SQL injection vulnerability in index.php in Zenphoto 1.2.5, when the ZenPage plugin is enabled, allows remote attackers to execute arbitrary SQL commands via the category parameter, related to a URI under news/category/.

Exploits (1)

exploitdb WORKING POC VERIFIED
by petros · javascript · webapps · php
https://www.exploit-db.com/exploits/9154

Classification: Working PoC 95%
Attack Type: SQLi
Complexity: Moderate
Reliability: Racy
Target: ZenPhoto 1.2.5 with ZenPage plugin
No auth needed
Prerequisites: ZenPage plugin must be activated · At least one news category must exist · magic_quotes must be disabled (ZenPage disables it by default)
devstral-2 · analyzed Feb 18, 2026

References (1)

Core References
Tags: Exploit, Third Party Advisory, exploit, x_refsource_exploit-db
http://www.exploit-db.com/exploits/9154

Scores

EPSS: 0.0084
EPSS Percentile: 53.2%

Details

CWE: CWE-89
Status: published
Products (1): zenphoto/zenphoto 1.2.5
Published: Jan 04, 2010
Tracked Since: Feb 18, 2026