CVE-2005-4309

CVE-2005-4309 concerns ezUpload Pro 2.2 and earlier. The vulnerability is an SQL injection in the application’s search module parameters, allowing remote attackers to execute arbitrary SQL commands. The available documents confirm the affected product (ezUpload Pro 2.2 and earlier) and the root c...

CVE-2006-2694

CVE-2006-2694 affects EzUpload Pro 2.10 and describes multiple PHP remote file inclusion vulnerabilities. The issue allows remote attackers to execute arbitrary PHP code by providing a URL in the path parameter to any of three scripts: form.php, customize.php, and initialize.php. The underlying r...

CVE-2005-4308

Affected software: ezUpload Pro 2.2 and earlier. Vulnerability: remote attackers can include files via the mode parameter in index.php, enabling possible RFI. Root cause: improper handling of the mode parameter leading to file inclusion. Impact (per CVSS): partial confidentiality, integrity, and ...

CVE-2006-3939

CVE-2006-3939 affects ScriptsCenter ezUpload Pro 2.2.0. The vulnerability allows remote, unauthenticated administrative actions via multiple scripts: filter.php (changes to Extensions Mode file type), access.php (changes to Protection Method), edituser.php (adds upload privileges to user accounts...