Tim-Coen

**Name of the Vulnerable Software and Affected Versions** Zenphoto versions prior to 1.4.9 **Description** The issue allows remote administrators to execute arbitrary SQL commands due to a SQL injection vulnerability. **Recommendations** For versions prior to 1.4.9, update to version 1.4.9 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Zenphoto versions prior to 1.4.9 **Description** The issue is related to an incomplete blacklist in the sanitize string function, which allows remote attackers to conduct cross-site scripting (XSS) attacks. **Recommendations** For versions prior to 1.4.9, update to version 1.4.9 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Zenphoto versions prior to 1.4.9 **Description** The issue arises from the `sanitize string` function not properly sanitizing HTML tags, allowing remote attackers to perform a cross-site scripting (XSS) attack. This can be achieved by wrapping a payload in malformed HTML tags, such as "<<script></script>script>payload<script></script></script>", or by using an image tag with the payload as the `onerror` event. **Recommendations** For versions prior to 1.4.9, update to version 1.4.9 or later to resolve the issue. As a temporary workaround, consider disabling the `sanitize string` function or restricting its use until a patch is available. Avoid using the `sanitize string` function to sanitize user-inputted HTML tags until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Zenphoto versions prior to 1.4.9 **Description** A cross-site request forgery issue exists, allowing remote attackers to hijack the authentication of admin users for requests that may cause a denial of service due to resource consumption. This issue is related to the admin.php file. **Recommendations** For versions prior to 1.4.9, update to version 1.4.9 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** ZenPhoto versions prior to 1.4.9 **Description** The issue is related to the `sanitize string` function, which used the `html entity decode` function after input sanitation. This could potentially allow remote attackers to perform a cross-site scripting (XSS) attack via a crafted string. **Recommendations** For versions prior to 1.4.9, update to version 1.4.9 or later to resolve the issue. As a temporary workaround, consider disabling the `sanitize string` function until a patch is available. Restrict input to prevent crafted strings from being processed by the `html entity decode` function.