Zenphoto: >> Zenphoto Security Vulnerabilities
Directory traversal vulnerability in zen/template-functions.php in zenphoto 1.0.4 up to 1.0.6 allows remote attackers to list arbitrary directories via ".." sequences in the album parameter to index.php.
CVSS Score
7.8
EPSS Score
0.022
Published
2007-01-31
zenphoto 1.0.1 beta and earlier allow remote attackers to obtain sensitive information via a direct request for the (1) /photos/themes/default/ and (2) /photos/themes/testing/ URIs, which reveals the path in an error message.
CVSS Score
5.0
EPSS Score
0.015
Published
2006-05-04
Multiple cross-site scripting (XSS) vulnerabilities in zenphoto 1.0.1 beta and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) a parameter in i.php, and the (2) album and (3) image parameters in index.php.
CVSS Score
6.8
EPSS Score
0.02
Published
2006-05-04
Page 4