Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Cross-site request forgery (CSRF) vulnerability in zp-core/admin-options.php in Zenphoto 1.2.5 allows remote attackers to hijack the authentication of administrators for requests that change the administrative password via the 0-adminpass and 0-adminpass_2 parameters in a saveoptions action.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Zenphoto 跨站请求伪造漏洞
Vulnerability Description
Zenphoto是Zenphoto团队开发的一套免费的图片库内容管理系统。该系统可管理图片,且支持音频、视频等多媒体。 Zenphoto 1.2.5版本的zp-core/admin-options.php脚本中存在跨站请求伪造漏洞。远程攻击者可借助saveoptions操作中的‘0-adminpass’或‘0-adminpass_2’参数利用该漏洞更改管理员密码。
CVSS Information
N/A
Vulnerability Type
N/A