Zenphoto: >> Zenphoto Security Vulnerabilities
Directory traversal vulnerability in zen/template-functions.php in zenphoto 1.0.4 up to 1.0.6 allows remote attackers to list arbitrary directories via ".." sequences in the album parameter to index.php.
CVSS Score
7.8
EPSS Score
0.005
Published
2007-01-31
zenphoto 1.0.1 beta and earlier allow remote attackers to obtain sensitive information via a direct request for the (1) /photos/themes/default/ and (2) /photos/themes/testing/ URIs, which reveals the path in an error message.
CVSS Score
5.0
EPSS Score
0.006
Published
2006-05-04
Multiple cross-site scripting (XSS) vulnerabilities in zenphoto 1.0.1 beta and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) a parameter in i.php, and the (2) album and (3) image parameters in index.php.
CVSS Score
6.8
EPSS Score
0.005
Published
2006-05-04
Page 4