Description
Zenphoto 1.0.1 beta and earlier allows remote attackers to obtain sensitive information via a direct request for the (1) /photos/themes/default/ and (2) /photos/themes/testing/ URIs, which reveals the path in an error message.
Remediation
References