http://packetstormsecurity.com/files/161569/Zenphoto-CMS-1.5.7-Shell-Upload.html

https://github.com/zenphoto/zenphoto/issues/1292

https://www.zenphoto.org/news/why-not-every-security-issue-is-really-an-issue/

MITRE disputed

** DISPUTED ** Zenphoto through 1.5.7 is affected by authenticated arbitrary file upload, leading to remote code execution. The attacker must navigate to the uploader plugin, check the elFinder box, and then drag and drop files into the Files(elFinder) portion of the UI. This can, for example, place a .php file in the server's uploaded/ directory. NOTE: the vendor disputes this because exploitation can only be performed by an admin who has "lots of other possibilities to harm a site."

Zenphoto through 1.5.7 is affected by authenticated arbitrary file upload, leading to remote code execution. The attacker must navigate to the uploader plugin, check the elFinder box, and then drag and drop files into the Files(elFinder) portion of the UI. This can, for example, place a .php file in the server's uploaded/ directory. NOTE: the vendor disputes this because exploitation can only be performed by an admin who has "lots of other possibilities to harm a site.

NIST AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

NIST (AV:N/AC:L/Au:S/C:P/I:P/A:P)

NIST CWE-434

OR
     *cpe:2.3:a:zenphoto:zenphoto:*:*:*:*:*:*:*:* versions up to (including) 1.5.7

http://packetstormsecurity.com/files/161569/Zenphoto-CMS-1.5.7-Shell-Upload.html No Types Assigned

http://packetstormsecurity.com/files/161569/Zenphoto-CMS-1.5.7-Shell-Upload.html Exploit, Third Party Advisory, VDB Entry

https://github.com/zenphoto/zenphoto/issues/1292 No Types Assigned

https://github.com/zenphoto/zenphoto/issues/1292 Third Party Advisory

https://www.zenphoto.org/news/why-not-every-security-issue-is-really-an-issue/ No Types Assigned

https://www.zenphoto.org/news/why-not-every-security-issue-is-really-an-issue/ Vendor Advisory

Zenphoto through 1.5.7 is affected by authenticated arbitrary file upload, leading to remote code execution. The attacker must navigate to the uploader plugin, check the elFinder box, and then drag and drop files into the Files(elFinder) portion of the UI. This can, for example, place a .php file in the server's uploaded/ directory.

** DISPUTED ** Zenphoto through 1.5.7 is affected by authenticated arbitrary file upload, leading to remote code execution. The attacker must navigate to the uploader plugin, check the elFinder box, and then drag and drop files into the Files(elFinder) portion of the UI. This can, for example, place a .php file in the server's uploaded/ directory. NOTE: the vendor disputes this because exploitation can only be performed by an admin who has "lots of other possibilities to harm a site."

https://github.com/zenphoto/zenphoto/issues/1292 [No Types Assigned]

https://www.zenphoto.org/news/why-not-every-security-issue-is-really-an-issue/ [No Types Assigned]