Description
zenphoto 1.0.1 beta and earlier allow remote attackers to obtain sensitive information via a direct request for the (1) /photos/themes/default/ and (2) /photos/themes/testing/ URIs, which reveals the path in an error message.
Remediation
References