TREK Unauthenticated Photo Access Vulnerability

Vulnerability

A vulnerability in TREK, a collaborative travel planner, prior to version 2.7.2, allowed uploaded photos to be accessed without authentication. This issue has been addressed in version 2.7.2. The vulnerability existed because the application served files from the '/uploads/photos' directory without requiring a valid authentication token or share token, leaving them exposed to any user.

Impact

Exploitation of this vulnerability allowed for unauthorized access to uploaded photos, which could be viewed or downloaded by any user.

Remediation

Users are advised to update TREK to version 2.7.2 or later, where this vulnerability has been fixed. The latest version can be downloaded from the TREK GitHub releases page.
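The class of check described above, as an added example that is not TREK's own code: a deny-by-default decision for requests under '/uploads/photos' that serves a file only when a valid authentication token or share token covers it. The token stores, the Bearer header format, the "token" query parameter and the file names are assumptions made for illustration.

```javascript
// Added illustration, not TREK's code. Token stores, the Authorization header
// format and the "token" query parameter are assumptions made for this sketch.
const PHOTO_PREFIX = '/uploads/photos/';
const SAFE_NAME = /^[A-Za-z0-9_-]{1,64}\.(jpe?g|png|webp)$/;

// Constructed sample data: sessions -> user, share tokens -> photos they cover.
const sessions = new Map([['sess-alice', 'alice'], ['sess-bob', 'bob']]);
const shares = new Map([['share-trip42', new Set(['beach.jpg'])]]);
const photoMembers = new Map([
  ['beach.jpg', new Set(['alice'])],
  ['passport.png', new Set(['alice'])],
]);

// Decide whether a request for an uploaded photo may be served.
// Returns { status, file }; file is set only when status is 200.
function authorizePhotoRequest(req) {
  const url = new URL(req.url, 'http://localhost'); // resolves "../" segments
  if (!url.pathname.startsWith(PHOTO_PREFIX)) return { status: 404 };

  let name;
  try {
    name = decodeURIComponent(url.pathname.slice(PHOTO_PREFIX.length));
  } catch {
    return { status: 400 }; // malformed percent-encoding
  }
  // Allowlisted file names only: rejects encoded slashes and nested paths.
  if (!SAFE_NAME.test(name)) return { status: 404 };

  const bearer = /^Bearer (\S+)$/.exec(req.headers.authorization || '');
  const shareToken = url.searchParams.get('token');
  const user = bearer ? sessions.get(bearer[1]) : undefined;
  const shared = shareToken ? shares.get(shareToken) : undefined;
  // No valid credential of either kind: the case the advisory describes.
  if (!user && !shared) return { status: 401 };

  const members = photoMembers.get(name);
  const allowed = (user && members && members.has(user)) ||
                  (shared && shared.has(name));
  // Same answer for "not yours" and "does not exist", so names cannot be probed.
  return allowed ? { status: 200, file: name } : { status: 404 };
}
```

Credentials are checked before the photo lookup, so an unauthenticated caller cannot distinguish existing file names from missing ones.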

Added: Apr 10, 2026, 8:23 PM
Updated: Apr 10, 2026, 8:23 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 8.1
remediation: 0.0
relevance: 5.6
threat: 3.2
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.