Ifoto

CVEs (2)

CVE	Sev	Risk	CVSS	EPSS	KEV	Published	Description
CVE-2007-4092		0.03	—	0.05		Jul 30, 2007	Directory traversal vulnerability in index.php in iFoto 1.0.1 and earlier allows remote attackers to list arbitrary directories, and possibly download arbitrary photos, via a .. (dot dot) in the dir parameter.
CVE-2006-3006		0.03	—	0.01		Jun 13, 2006	Cross-site scripting (XSS) vulnerability in iFoto 0.20, and possibly other versions before 0.50, allows remote attackers to inject arbitrary HTML or web script via a base64-encoded file parameter.

CVE-2007-4092Jul 30, 2007
risk 0.03cvss —epss 0.05
Directory traversal vulnerability in index.php in iFoto 1.0.1 and earlier allows remote attackers to list arbitrary directories, and possibly download arbitrary photos, via a .. (dot dot) in the dir parameter.
CVE-2006-3006Jun 13, 2006
risk 0.03cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in iFoto 0.20, and possibly other versions before 0.50, allows remote attackers to inject arbitrary HTML or web script via a base64-encoded file parameter.