CVE-2006-0214
CVE-2006-0214 affects ezDatabase 2.0 and earlier. A vulnerability in the application’s PHP code allows remote attackers to execute arbitrary PHP via an eval injection in the db_id parameter to visitorupload.php, demonstrated with phpinfo and include() calls. The connected documents confirm the fl...
CVE-2007-0592
CVE-2007-0592 is an XSS vulnerability in EzDatabase 2.1.3. The affected component is EzDatabase’s admin/login.php and the Admin Panel Database, allowing remote attackers to inject arbitrary web script or HTML via unspecified vectors. The NVD entry indicates a CVSSv2 base score of 6.8 (Medium) wit...
CVE-2006-0315
CVE-2006-0315 affects EZDatabase prior to 2.1.2. The vulnerability stems from improper cleansing of the p parameter when constructing and including a .php filename, enabling directory traversal. This can lead to cross-site scripting (XSS) and path disclosure. The available connected documents pro...
CVE-2005-4303
CVE-2005-4303 affects ezDatabase 2.1.2 and earlier via a SQL injection in index.php where the db_id parameter enables remote attackers to execute arbitrary SQL commands. The vulnerability is documented with a High base score (7.5, NETWORK attack, no authentication) and partial impact on confident...
CVE-2005-4304
CVE-2005-4304 affects ezDatabase 2.1.2 and earlier. The issue is triggered by an invalid cat_id parameter in index.php, leading to leakage of a full pathname in an error message. The description notes uncertainty about details due to report terminology problems and partial feedback...
CVE-2005-4302
The CVE-2005-4302 entry concerns a directory traversal vulnerability in ezDatabase