Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Zenphoto through 1.5.7 is affected by authenticated arbitrary file upload, leading to remote code execution. The attacker must navigate to the uploader plugin, check the elFinder box, and then drag and drop files into the Files(elFinder) portion of the UI. This can, for example, place a .php file in the server's uploaded/ directory. NOTE: the vendor disputes this because exploitation can only be performed by an admin who has "lots of other possibilities to harm a site.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Zenphoto 代码问题漏洞
Vulnerability Description
ZenPhoto是一套免费的图片库内容管理系统。该系统可管理图片,且支持音频、视频等多媒体。 Zenphoto through 1.5.7 存在安全漏洞,该漏洞源于会受到经过身份验证的任意文件上传的影响,导致远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A