Vulnerabilities > CVE-2004-0132 - Unspecified vulnerability in Visualshapers Ezcontents

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
visualshapers
exploit available

Summary

Multiple PHP remote file inclusion vulnerabilities in ezContents 2.0.2 and earlier allow remote attackers to execute arbitrary PHP code from a remote web server, as demonstrated using (1) the GLOBALS[rootdp] parameter to db.php, or (2) the GLOBALS[language_home] parameter to archivednews.php, and a malicious version of lang_admin.php.

Exploit-Db

  • descriptionVisualShapers ezContents 1.x/2.0 db.php Arbitrary File Inclusion. CVE-2004-0132. Webapps exploit for php platform
    idEDB-ID:23683
    last seen2016-02-02
    modified2004-02-11
    published2004-02-11
    reporterCedric Cochin
    sourcehttps://www.exploit-db.com/download/23683/
    titleVisualShapers ezContents 1.x/2.0 db.php Arbitrary File Inclusion
  • descriptionVisualShapers ezContents 1.x/2.0 archivednews.php Arbitrary File Inclusion. CVE-2004-0132. Webapps exploit for php platform
    idEDB-ID:23684
    last seen2016-02-02
    modified2004-02-11
    published2004-02-11
    reporterCedric Cochin
    sourcehttps://www.exploit-db.com/download/23684/
    titleVisualShapers ezContents 1.x/2.0 archivednews.php Arbitrary File Inclusion