zenphoto 1.0.1 beta and previous versions allow remote malicious users to obtain sensitive information via a direct request for the (1) /photos/themes/default/ and (2) /photos/themes/testing/ URIs, which reveals the path in an error message.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
zenphoto zenphoto 0.9 |
||
zenphoto zenphoto 1.0.1_beta |
||
zenphoto zenphoto 1.0_beta |