Public CVE-2018-0609 disclosure

Local file inclusion vulnerability in Zenphoto 1.4.14 and earlier allows a remote attacker with an administrative privilege to execute arbitrary code or obtain sensitive information.