Description
Directory traversal vulnerability in zen/template-functions.php in zenphoto 1.0.4 up to 1.0.6 allows remote attackers to list arbitrary directories via ".." sequences in the album parameter to index.php.
Remediation
References
Related Vulnerabilities
SharePoint CVE-2022-41061 Vulnerability (CVE-2022-41061)
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-5265)
MediaWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2010-1648)
WordPress Plugin MasterStudy LMS-for Online Courses and Education Privilege Escalation (3.3.1)