ezDatabase 2.1.2 index.php db_id Parameter SQL Injection

2005-12-16T00:00:00
ID EDB-ID:26854
Type exploitdb
Reporter r0t3d3Vil
Modified 2005-12-16T00:00:00

Description

ezDatabase 2.1.2 index.php db_id Parameter SQL Injection. CVE-2005-4303. Webapps exploit for php platform

                                        
                                            source: http://www.securityfocus.com/bid/15908/info
 
ezDatabase is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
 
ezDatabase is prone to an SQL injection vulnerability and a local file include vulnerability. Successful exploitation of these issues may result in the disclosure of sensitive information, a compromise of the database or the execution of arbitrary local server-side script code. This may facilitate a compromise of the underlying system; other attacks are also possible.
 
This issue affects version 2.1.2; other versions may also be affected.

http://www.example.com/index.php?p=getcat&db_id=[SQL]