This advisory details multiple vulnerabilities in Zenphoto 1.4.3.3, including SQL injection via the X_FORWARDED_FOR header, IP address spoofing, and a file type restriction bypass. The analysis includes code snippets, attack vectors, and preconditions for exploitation.
Classification
Writeup 100%
Attack Type
Sqli | Auth Bypass | Other
Target:
Zenphoto 1.4.3.3 and older
No auth needed
Prerequisites:
Plugin activation for some vulnerabilities · Admin privileges for file type restriction bypass