Zenphoto viewer_size_image_saved Cookie Value eval() Call Remote PHP Code Execution
Medium Nessus Plugin ID 58456
SynopsisThe remote web server contains an application that is affected by a code execution vulnerability.
DescriptionThe remote host contains a Zenphoto installation that can be abused to execute arbitrary PHP code.
In the file 'zp-core/zp-extensions/viewer_size_image.php' the value of the cookie 'viewer_size_image_saved' is not properly sanitized before being used in an 'eval()' call. This can allow arbitrary PHP code to be executed on the server.
Note that exploitation requires the 'viewer_size_image' plugin be enabled in the application, which is not the case by default.
SolutionUpgrade to Zenphoto 22.214.171.124 or later.