Vulnerabilities > CVE-2005-2616 - Remote File Include vulnerability in Ezupload 2.2
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Multiple PHP file include vulnerabilities in ezUpload 2.2 allow remote attackers to execute arbitrary code via the path parameter to (1) initialize.php, (2) customize.php, (3) form.php, or (4) index.php.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description ezUpload 2.2 initialize.php path Parameter Remote File Inclusion. CVE-2005-2616. Webapps exploit for php platform id EDB-ID:26141 last seen 2016-02-03 modified 2005-08-10 published 2005-08-10 reporter Johnnie Walker source https://www.exploit-db.com/download/26141/ title ezUpload 2.2 initialize.php path Parameter Remote File Inclusion description ezUpload 2.2 index.php path Parameter Remote File Inclusion. CVE-2005-2616. Webapps exploit for php platform id EDB-ID:26140 last seen 2016-02-03 modified 2005-08-10 published 2005-08-10 reporter Johnnie Walker source https://www.exploit-db.com/download/26140/ title ezUpload 2.2 index.php path Parameter Remote File Inclusion description ezUpload 2.2 customize.php path Parameter Remote File Inclusion. CVE-2005-2616. Webapps exploit for php platform id EDB-ID:26142 last seen 2016-02-03 modified 2005-08-10 published 2005-08-10 reporter Johnnie Walker source https://www.exploit-db.com/download/26142/ title ezUpload 2.2 customize.php path Parameter Remote File Inclusion description ezUpload 2.2 form.php path Parameter Remote File Inclusion. CVE-2005-2616 . Webapps exploit for php platform id EDB-ID:26143 last seen 2016-02-03 modified 2005-08-10 published 2005-08-10 reporter Johnnie Walker source https://www.exploit-db.com/download/26143/ title ezUpload 2.2 form.php path Parameter Remote File Inclusion
Nessus
NASL family | CGI abuses |
NASL id | EZUPLOAD_PATH_FILE_INCLUDES.NASL |
description | The remote host appears to be running ezUpload, a commercial upload script written in PHP. The installed version of ezUpload allows remote attackers to control the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 19418 |
published | 2005-08-10 |
reporter | This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/19418 |
title | ezUpload <= 2.2 Multiple Remote Vulnerabilities (SQLi, RFI, LFI) |
code |
|