Zenphoto Directory Listing Disclosure Vulnerability

Bugtraq ID:	22368
Class:	Input Validation Error
CVE:	CVE-2007-0616
Remote:	Yes
Local:	No
Published:	Feb 02 2007 12:00AM
Updated:	May 12 2015 07:34PM
Credit:	nicosomb is credited with the discovery of this vulnerability
Vulnerable:	Zenphoto zenphoto 1.0.6 Zenphoto zenphoto 1.0.4
Not Vulnerable:	Zenphoto zenphoto 1.0.7

Zenphoto Directory Listing Disclosure Vulnerability

Zenphoto is prone to a vulnerability that allows remote attackers to view directory listings.

Exploiting this issue could allow remote attackers to view any directory listings within the context of the webserver. This may grant the attacker unauthorized access to information.

Zenphoto versions 1.04 to 1.06 are vulnerable to this issue.

Zenphoto Directory Listing Disclosure Vulnerability

Attackers can exploit this issue via a browser.

Zenphoto Directory Listing Disclosure Vulnerability

Solution:
The vendor has released updates to address this issue.

Zenphoto Directory Listing Disclosure Vulnerability

References:

• security question (Zenphoto)
  
• Zenphoto Changelog (Zenphoto)
  
• Zenphoto Homepage (Zenphoto)