Zenphoto versions prior to 1.5.7 suffer from an improper neutralization of special elements in output used by a downstream component (‘Injection’) vulnerability.
The information has been provided by the vendor.
The original article can be found at: https://www.zenphoto.org/news/zenphoto-1.5.7/
Zenphoto versions prior to 1.5.7 allow an attacker to conduct PHP code injection attacks by leading a user to upload a specially crafted .zip file.
Zenphoto versions prior to 1.5.7