Vulnerability Details CVE-2007-0616
Directory traversal vulnerability in zen/template-functions.php in zenphoto 1.0.4 up to 1.0.6 allows remote attackers to list arbitrary directories via ".." sequences in the album parameter to index.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 69.5%
CVSS Severity
CVSS v2 Score 7.8
References
- http://osvdb.org/33072
- http://secunia.com/advisories/24026
- http://www.securityfocus.com/bid/22368
- http://www.vupen.com/english/advisories/2007/0470
- http://www.zenphoto.org/support/topic.php?id=1146&replies=3
- http://www.zenphoto.org/support/topic.php?id=1148
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32102
- http://osvdb.org/33072
- http://secunia.com/advisories/24026
- http://www.securityfocus.com/bid/22368
- http://www.vupen.com/english/advisories/2007/0470
- http://www.zenphoto.org/support/topic.php?id=1146&replies=3
- http://www.zenphoto.org/support/topic.php?id=1148
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32102