CVE-2015-5594

MEDIUM

zenphoto < 1.4.9 - Cross-Site Scripting via sanitize_string Function

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-5594.

AI-analyzed exploit summary: This is a detailed technical writeup describing multiple vulnerabilities in ZenPhoto 1.4.8, including SQL injection via ORDER BY manipulation, reflected XSS through URL parameters, path traversal in theme file editing, and arbitrary function execution. The analysis includes specific exploit paths and payloads but does not contain functional exploit code.

Description

The sanitize_string function in ZenPhoto before 1.4.9 applied html_entity_decode after input sanitization, so entity-encoded markup (for example &lt;script&gt;) passed through the sanitizer untouched and was then decoded back into live HTML. This allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string. The ordering was corrected in ZenPhoto 1.4.9.
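The decoding-order bug described above, as an added example that is not ZenPhoto's own code: a minimal tag-stripping sanitizer stands in for sanitize_string's filtering, and Python's html.unescape stands in for PHP's html_entity_decode. The payload string is constructed for the demonstration. The vulnerable variant sanitizes first and decodes afterwards; the fixed variant canonicalizes (decodes) first, filters, and then escapes for output.

```python
import html
import re

# Assumption: a simple tag stripper models the sanitizer. The real ZenPhoto
# sanitize_string applied its own filtering, which is not reproduced here.
_TAG_RE = re.compile(r"<[^>]*>")


def strip_tags(s: str) -> str:
    """Remove anything that looks like an HTML tag."""
    return _TAG_RE.sub("", s)


def sanitize_vulnerable(s: str) -> str:
    """Pre-1.4.9 ordering: sanitize, THEN decode entities.

    Entity-encoded markup contains no '<' or '>' when the stripper runs, so it
    survives, and html.unescape (html_entity_decode) turns it into real tags.
    """
    return html.unescape(strip_tags(s))


def sanitize_fixed(s: str) -> str:
    """Safe ordering: decode (canonicalize) first, then strip tags, then
    escape whatever is left so it renders as text rather than markup."""
    return html.escape(strip_tags(html.unescape(s)), quote=True)


def contains_markup(s: str) -> bool:
    """True if the string still carries something a browser would parse as a tag."""
    return _TAG_RE.search(s) is not None


# Constructed payloads: a script tag written with named entities, the same
# tag written with numeric entities, and a plain (unencoded) tag for contrast.
PAYLOAD_NAMED = "&lt;script&gt;alert(document.cookie)&lt;/script&gt;"
PAYLOAD_NUMERIC = "&#60;img src=x onerror=alert(1)&#62;"
PAYLOAD_PLAIN = "<img src=x onerror=alert(1)>"

if __name__ == "__main__":
    for p in (PAYLOAD_NAMED, PAYLOAD_NUMERIC, PAYLOAD_PLAIN):
        print("input:      ", p)
        print("vulnerable: ", sanitize_vulnerable(p))
        print("fixed:      ", sanitize_fixed(p))
        print()
```

The plain tag is stripped by both variants, which is why the bug is easy to miss in testing: only entity-encoded input exposes the ordering problem.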

Exploits (1)

exploitdb WRITEUP
webapps / php
https://www.exploit-db.com/exploits/37602


Classification
Type: Writeup (95%)
Attack Type: SQLi | XSS | Info Leak | Auth Bypass
Complexity: Moderate
Reliability: Reliable
Target: ZenPhoto 1.4.8
Auth required: yes
Prerequisites: Admin access to ZenPhoto · Error reporting enabled for SQLi · Target running vulnerable version
Note: the admin prerequisite applies to the writeup as a whole (the SQLi and theme-editing issues). The CVSS vector for this CVE's XSS is PR:N/UI:R, i.e. no privileges on the target, only a victim opening a crafted link.
Analyzed by devstral-2, Feb 19, 2026

References (4)

Release Notes, Third Party Advisory (x_refsource_confirm): http://www.zenphoto.org/news/zenphoto-1.4.9
Exploit, Mailing List, Third Party Advisory (x_refsource_mlist): http://www.openwall.com/lists/oss-security/2015/07/18/3
Not Applicable (x_refsource_misc): http://cve.killedkenny.io/cve/CVE-2015-5594

Scores

CVSS v3 6.1 (Medium)
EPSS 0.0187 (1.87% estimated probability of exploitation in the next 30 days)
EPSS Percentile 76.7%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
zenphoto/zenphoto < 1.4.9
Published Jul 25, 2017
Tracked Since Feb 18, 2026