ZeusCMS <= 0.3 (image_viewer.php) Information Disclosure Weakness

Description:

Absolute path traversal vulnerability in ZeusCMS 0.3 and earlier might allow remote attackers to list arbitrary directories via a full pathname in the dir parameter.

References:

• CVE-2007-6623
• BID-27058
• EDB-4798

Disclosure Date:

December 27, 2007