ezDatabase 2.1.2 index.php db_id Parameter SQL Injection

ID EDB-ID:26854
Type exploitdb
Reporter r0t3d3Vil
Modified 2005-12-16T00:00:00


ezDatabase 2.1.2 index.php db_id Parameter SQL Injection. CVE-2005-4303. Webapps exploit for php platform

                                            source: http://www.securityfocus.com/bid/15908/info
ezDatabase is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
ezDatabase is prone to an SQL injection vulnerability and a local file include vulnerability. Successful exploitation of these issues may result in the disclosure of sensitive information, a compromise of the database or the execution of arbitrary local server-side script code. This may facilitate a compromise of the underlying system; other attacks are also possible.
This issue affects version 2.1.2; other versions may also be affected.