Description

zenphoto 1.0.1 beta and earlier allow remote attackers to obtain sensitive information via a direct request for the (1) /photos/themes/default/ and (2) /photos/themes/testing/ URIs, which reveals the path in an error message.

Remediation

References

CVE-2006-2186

Related Vulnerabilities

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-0129)

Apache Traffic Server Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2021-32565)

WordPress Plugin Image Slider Unspecified Vulnerability (1.1.119)

WordPress Plugin WP REST API (WP API) Security Bypass (1.2.1)

WordPress Plugin GN Publisher: Google News Compatible RSS Feeds Cross-Site Scripting (1.5.5)

Severity

Medium

Classification

CVE-2006-2186

Tags

Missing Update Known Vulnerabilities