Description
Directory traversal vulnerability in zen/template-functions.php in zenphoto 1.0.4 up to 1.0.6 allows remote attackers to list arbitrary directories via ".." sequences in the album parameter to index.php.
Remediation
References
Related Vulnerabilities
WordPress Plugin StatPress Multiple Unspecified Vulnerabilities (1.4.1)
Moodle Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2012-1160)
WordPress 4.8.x Arbitrary File Deletion Vulnerability (4.8 - 4.8.6)
Liferay Portal Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2024-25143)
WordPress Plugin myghpay WooCommerce Payment Gateway Cross-Site Scripting (3.0)