This is a whitepaper called Image Authentication Injection. Proof of concept code is included.
d4a68cecd3dae6139f91157e6ef9e79417463b4b054b10498c792b2a524a904e
ZenPhoto Gallery version 1.2.5 administrator password reset exploit using cross site request forgery.
1a2d15c4041d20cefe60ca298054f060cd86c3a57e3568f9c13a0d676329c67b
ZenPhoto version 1.2.5 blind SQL injection exploit.
bf0946dfc31faab77398bc2efe0fe0cccef59b2f0242782e01d32ee6637a7faf