CVE-2009-4564 Information

Description

SQL injection vulnerability in index.php in Zenphoto 1.2.5 when the ZenPage plugin is enabled allows remote attackers to execute arbitrary SQL commands via the category parameter related to a URI under news/category/.

Reference

http://www.exploit-db.com/exploits/9154