Description
zenphoto 1.0.1 beta and earlier allow remote attackers to obtain sensitive information via a direct request for the (1) /photos/themes/default/ and (2) /photos/themes/testing/ URIs, which reveals the path in an error message.
Remediation
References
Related Vulnerabilities
MySQL CVE-2017-3459 Vulnerability (CVE-2017-3459)
WordPress Plugin AdWizz 'link' Parameter Cross-Site Scripting (1.0)
MediaWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2014-9276)
WordPress Plugin Post Recommendations for WordPress 'api.php' Remote File Include (1.1.2)
Atlassian Jira Incorrect Authorization Vulnerability (CVE-2019-3401)