CVE-2004-0132 - Unspecified vulnerability in Visualshapers Ezcontents

Publication: 2004-03-03

Summary

Multiple PHP remote file inclusion vulnerabilities in ezContents 2.0.2 and earlier allow remote attackers to execute arbitrary PHP code from a remote web server, as demonstrated using (1) the GLOBALS[rootdp] parameter to db.php, or (2) the GLOBALS[language_home] parameter to archivednews.php, and a malicious version of lang_admin.php.

Risk level (CVSS 7.5)

High

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confidentiality Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products

  • Visualshapers Ezcontents 1.40
  • Visualshapers Ezcontents 2.0_rc3
  • Visualshapers Ezcontents 1.42
  • Visualshapers Ezcontents 1.43
  • Visualshapers Ezcontents 1.44
  • Visualshapers Ezcontents 1.45
  • Visualshapers Ezcontents 1.41
  • Visualshapers Ezcontents 2.0.1
  • Visualshapers Ezcontents 2.0.2
  • Visualshapers Ezcontents 2.0_rc1
  • Visualshapers Ezcontents 2.0_rc2
  • Visualshapers Ezcontents 1.45b