CVE-2012-0994

N/A Unknown

Published: February 21, 2012 Modified: April 29, 2026

Description

SQL injection vulnerability in the Manage Albums feature in zp-core/admin-albumsort.php in ZENphoto 1.4.2 allows remote authenticated users to execute arbitrary SQL commands via the sortableList parameter.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://archives.neohapsis.com/archives/bugtraq/2012-02/0037.html

Source: cve@mitre.org

Exploit

http://secunia.com/advisories/47875

Source: cve@mitre.org

Vendor Advisory

http://www.securityfocus.com/bid/51916

Source: cve@mitre.org

Exploit

http://www.zenphoto.org/news/zenphoto-1.4.2.1

Source: cve@mitre.org

http://www.zenphoto.org/trac/changeset/8994

Source: cve@mitre.org

Exploit Patch

http://www.zenphoto.org/trac/changeset/8995

Source: cve@mitre.org

Exploit Patch

https://exchange.xforce.ibmcloud.com/vulnerabilities/73082

Source: cve@mitre.org

https://www.htbridge.ch/advisory/HTB23070

Source: cve@mitre.org

Exploit

http://archives.neohapsis.com/archives/bugtraq/2012-02/0037.html