Description

Directory traversal vulnerability in zen/template-functions.php in zenphoto 1.0.4 up to 1.0.6 allows remote attackers to list arbitrary directories via ".." sequences in the album parameter to index.php.

Remediation

References

CVE-2007-0616

Related Vulnerabilities

WordPress Plugin Portfolio Gallery-Photo Gallery Multiple Unspecified Vulnerabilities (2.0.72)

WordPress Plugin Clone Cross-Site Scripting (2.1.1)

IBM WebSEAL Missing Authorization Vulnerability (CVE-2019-4158)

WordPress Plugin Double Opt-In for Download Multiple Cross-Site Scripting Vulnerabilities (2.1.5)

WordPress Ultimate Member Plugin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-20965)

Severity

High

Classification

CVE-2007-0616

Tags

Missing Update Known Vulnerabilities