ezDatabase Multiple Input Validation Vulnerabilities

vendor:

ezDatabase

by:

7.5

CVSS

HIGH

Input Validation

CWE

Product Name: ezDatabase

Affected Version From: 2.1.2002

Affected Version To:

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested:

ezDatabase Multiple Input Validation Vulnerabilities

ezDatabase is prone to an SQL injection vulnerability and a local file include vulnerability. Successful exploitation of these issues may result in the disclosure of sensitive information, a compromise of the database or the execution of arbitrary local server-side script code. This may facilitate a compromise of the underlying system; other attacks are also possible.

Mitigation:

Implement proper input validation and sanitization techniques to prevent SQL injection and local file include vulnerabilities. Regularly update to the latest version of ezDatabase to ensure patches for these vulnerabilities are applied.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/15908/info

ezDatabase is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.

ezDatabase is prone to an SQL injection vulnerability and a local file include vulnerability. Successful exploitation of these issues may result in the disclosure of sensitive information, a compromise of the database or the execution of arbitrary local server-side script code. This may facilitate a compromise of the underlying system; other attacks are also possible.

This issue affects version 2.1.2; other versions may also be affected.

http://www.example.com/index.php?p=../Local file