I have recently had trouble with attacks on my sites. As a result of this I transferred to a new host that had more security tools. The new host runs a process that looks at the site for vulnerabilities.
They reported 1 critical issue (site vulnerable to SQL Injection attacks). There is also a warning (backend SQL can be identified).
There are also 5 informational items identified.
The message received concerning the critical issue is
Your website is vulnerable to SQL injection attacks.
When providing specially crafted parameters to your site, Site Scanner received an error from the underlying databse. The error indicates that your site might be vulnerable to SQL injection attacks. An attacker could use this vulnerability to bypass authentication, read confidential data, modify the remote database, or possibly take control of the remote server.
High / CVSS Base Score : 7.5(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
Modify the relevant cgis so that they properly escape arguments.
This is obviously the main problem that needs to be fixed and I would appreciate your input.
The website I am having problems with is
This site is running the latest version
I have also uploaded a document with all the issues found on my site to
<link removed by administrator>
I really like ZenPhoto and will research all I can about making my sites more secure, but this problem is a little beyond me.