CVE-2006-4477 - Unspecified vulnerability in Visualshapers Ezcontents 2.0.3
Summary
Multiple PHP remote file inclusion vulnerabilities in Visual Shapers ezContents 2.0.3 allow remote attackers to execute arbitrary PHP code via an empty GLOBALS[rootdp] parameter and an ftps URL in the (1) GLOBALS[admin_home] parameter in (a) diary/event_list.php, (b) gallery/gallery_summary.php, (c) guestbook/showguestbook.php, (d) links/showlinks.php, and (e) reviews/review_summary.php; and the (2) GLOBALS[language_home] parameter in (f) calendar/calendar.php, (g) news/shownews.php, (h) poll/showpoll.php, (i) search/search.php, (j) toprated/toprated.php, and (k) whatsnew/whatsnew.php.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Exploit-Db
id | title | description | reporter | published | modified | last seen | source |
---|---|---|---|---|---|---|---|
EDB-ID:28458 | ezContents 2.0.3 - shownews.php GLOBALSadmin_home Parameter Remote File Inclusion | ezContents 2.0.3 shownews.php GLOBALS[admin_home] Parameter Remote File Inclusion. CVE-2006-4477. Webapps exploit for php platform | DarkFig | 2006-08-30 | 2006-08-30 | 2016-02-03 | https://www.exploit-db.com/download/28458/ |
EDB-ID:28462 | ezContents 2.0.3 - toprated.php GLOBALSlanguage_home Parameter Remote File Inclusion | ezContents 2.0.3 toprated.php GLOBALS[language_home] Parameter Remote File Inclusion. CVE-2006-4477. Webapps exploit for php platform | DarkFig | 2006-08-30 | 2006-08-30 | 2016-02-03 | https://www.exploit-db.com/download/28462/ |
EDB-ID:28453 | ezContents 2.0.3 - event_list.php GLOBALSadmin_home Parameter Remote File Inclusion | ezContents 2.0.3 event_list.php GLOBALS[admin_home] Parameter Remote File Inclusion. CVE-2006-4477. Webapps exploit for php platform | DarkFig | 2006-08-30 | 2006-08-30 | 2016-02-03 | https://www.exploit-db.com/download/28453/ |
EDB-ID:28455 | ezContents 2.0. - gallery_summary.php GLOBALSadmin_home Parameter Remote File Inclusion | ezContents 2.0.3 gallery_summary.php GLOBALS[admin_home] Parameter Remote File Inclusion. CVE-2006-4477. Webapps exploit for php platform | DarkFig | 2006-08-30 | 2006-08-30 | 2016-02-03 | https://www.exploit-db.com/download/28455/ |
EDB-ID:28460 | ezContents 2.0.3 - review_summary.php GLOBALSadmin_home Parameter Remote File Inclusion | ezContents 2.0.3 review_summary.php GLOBALS[admin_home] Parameter Remote File Inclusion. CVE-2006-4477. Webapps exploit for php platform | DarkFig | 2006-08-30 | 2006-08-30 | 2016-02-03 | https://www.exploit-db.com/download/28460/ |
EDB-ID:28461 | ezContents 2.0.3 - search.php GLOBALSlanguage_home Parameter Remote File Inclusion | ezContents 2.0.3 search.php GLOBALS[language_home] Parameter Remote File Inclusion. CVE-2006-4477. Webapps exploit for php platform | DarkFig | 2006-08-30 | 2006-08-30 | 2016-02-03 | https://www.exploit-db.com/download/28461/ |
EDB-ID:28457 | ezContents 2.0.3 - showlinks.php GLOBALSadmin_home Parameter Remote File Inclusion | ezContents 2.0.3 showlinks.php GLOBALS[admin_home] Parameter Remote File Inclusion. CVE-2006-4477. Webapps exploit for php platform | DarkFig | 2006-08-30 | 2006-08-30 | 2016-02-03 | https://www.exploit-db.com/download/28457/ |
EDB-ID:28459 | ezContents 2.0.3 - showpoll.php GLOBALSadmin_home Parameter Remote File Inclusion | ezContents 2.0.3 showpoll.php GLOBALS[admin_home] Parameter Remote File Inclusion. CVE-2006-4477. Webapps exploit for php platform | DarkFig | 2006-08-30 | 2006-08-30 | 2016-02-03 | https://www.exploit-db.com/download/28459/ |
EDB-ID:28454 | ezContents 2.0.3 - calendar.php GLOBALSlanguage_home Parameter Remote File Inclusion | ezContents 2.0.3 calendar.php GLOBALS[language_home] Parameter Remote File Inclusion. CVE-2006-4477. Webapps exploit for php platform | DarkFig | 2006-08-30 | 2006-08-30 | 2016-02-03 | https://www.exploit-db.com/download/28454/ |
EDB-ID:28456 | ezContents 2.0.3 - showguestbook.php GLOBALSadmin_home Parameter Remote File Inclusion | ezContents 2.0.3 showguestbook.php GLOBALS[admin_home] Parameter Remote File Inclusion. CVE-2006-4477. Webapps exploit for php platform | DarkFig | 2006-08-30 | 2006-08-30 | 2016-02-03 | https://www.exploit-db.com/download/28456/ |
References
- http://secunia.com/advisories/21703
- http://securityreason.com/securityalert/1479
- http://securitytracker.com/id?1016770
- http://www.osvdb.org/28321
- http://www.osvdb.org/28322
- http://www.osvdb.org/28323
- http://www.osvdb.org/28324
- http://www.osvdb.org/28325
- http://www.osvdb.org/28326
- http://www.osvdb.org/28327
- http://www.osvdb.org/28328
- http://www.osvdb.org/28329
- http://www.osvdb.org/28330
- http://www.osvdb.org/28331
- http://www.securityfocus.com/archive/1/444779/100/0/threaded
- http://www.securityfocus.com/bid/19776
- http://www.vupen.com/english/advisories/2006/3420
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28674