2.1.2

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

indexcor

exploit available

NVD

Published: 2006-01-15

Updated: 2017-07-20

Summary

Eval injection vulnerability in ezDatabase 2.0 and earlier allows remote attackers to execute arbitrary PHP code via the db_id parameter to visitorupload.php, as demonstrated using phpinfo and include function calls.

Vulnerable Configurations

Part	Description	Count
Application	Indexcor Indexcor Ezdatabase 2.0 Indexcor Ezdatabase 2.1.2	2

Exploit-Db

description	ezDatabase <= 2.0 (db_id) Remote Command Execution Exploit. CVE-2006-0214. Webapps exploit for php platform
id	EDB-ID:1442
last seen	2016-01-31
modified	2006-01-22
published	2006-01-22
reporter	cijfer
source	https://www.exploit-db.com/download/1442/
title	ezDatabase <= 2.0 db_id Remote Command Execution Exploit

Summary

Vulnerable Configurations

Exploit-Db

References