vendor:
ezConvert
by:
xoron
7.5
CVSS
HIGH
Remote File Inclusion
CWE
Product Name: ezConvert
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2007
ezConvert: phpBB ezBoard converter v0.2 (ezconvert_dir) Remote File Include Exploit
This exploit allows an attacker to remotely include a malicious file in the ezConvert PHP script. The vulnerable code is found in the 'config.php' file where the 'ezconvert_dir' parameter is not properly validated before being included. By manipulating this parameter, an attacker can include a remote file and execute arbitrary code on the target system.
Mitigation:
To mitigate this vulnerability, the developer should ensure that all user-supplied input is properly validated and sanitized before being used in file inclusion operations. Additionally, it is recommended to keep the software up-to-date with the latest security patches.