Description

Directory traversal vulnerability in zen/template-functions.php in zenphoto 1.0.4 up to 1.0.6 allows remote attackers to list arbitrary directories via ".." sequences in the album parameter to index.php.

Remediation

References

CVE-2007-0616

Related Vulnerabilities

WordPress Plugin Cimy User Manager 'cimy_um_filename' Parameter Arbitrary File Disclosure (1.4.2)

WordPress Plugin Google Alert And Twitter Multiple Vulnerabilities (3.1.5)

WordPress Plugin TinyMCE Custom Styles Cross-Site Scripting (1.1.2)

Atlassian Jira Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-20415)

MySQL Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2008-7247)

Severity

High

Classification

CVE-2007-0616

Tags

Missing Update Known Vulnerabilities