Description
Zenphoto through 1.5.7 is affected by authenticated arbitrary file upload, leading to remote code execution. The attacker must navigate to the uploader plugin, check the elFinder box, and then drag and drop files into the Files(elFinder) portion of the UI. This can, for example, place a .php file in the server's uploaded/ directory. NOTE: the vendor disputes this because exploitation can only be performed by an admin who has "lots of other possibilities to harm a site.
Exploits (1)
References (3)
Core 3
Core References
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/161569/Zenphoto-CMS-1.5.7-Shell-Upload.html
Vendor Advisory x_refsource_misc
https://www.zenphoto.org/news/why-not-every-security-issue-is-really-an-issue/
Third Party Advisory x_refsource_misc
https://github.com/zenphoto/zenphoto/issues/1292
Scores
CVSS v3
7.2
EPSS
0.1557
EPSS Percentile
94.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-434
Status
published
Products (1)
zenphoto/zenphoto
< 1.5.7
Published
Feb 26, 2021
Tracked Since
Feb 18, 2026