Vulnerability Details CVE-2007-0616
Directory traversal vulnerability in zen/template-functions.php in zenphoto 1.0.4 up to 1.0.6 allows remote attackers to list arbitrary directories via ".." sequences in the album parameter to index.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 63.7%
CVSS Severity
CVSS v2 Score 7.8
References
- http://osvdb.org/33072
- http://secunia.com/advisories/24026
- http://www.securityfocus.com/bid/22368
- http://www.vupen.com/english/advisories/2007/0470
- http://www.zenphoto.org/support/topic.php?id=1146&replies=3
- http://www.zenphoto.org/support/topic.php?id=1148
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32102
- http://osvdb.org/33072
- http://secunia.com/advisories/24026
- http://www.securityfocus.com/bid/22368
- http://www.vupen.com/english/advisories/2007/0470
- http://www.zenphoto.org/support/topic.php?id=1146&replies=3
- http://www.zenphoto.org/support/topic.php?id=1148
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32102