Back to search
CVE-2008-7055
Published: Aug 24, 2009
Modified: Aug 7, 2024
PUBLISHED
Description
module.php in ezContents 2.0.3 allows remote attackers to bypass the directory traversal protection mechanism to include and execute arbitrary local files via "....//" (doubled dot dot slash) sequences in the link parameter, which is not properly filtered using the str_replace function.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
20080825 [DSECRG-08-038] Multiple Local File Include Vulnerabilities in ezContents CMS 2.0.3
mailing-list
x_refsource_BUGTRAQ
6301
exploit
x_refsource_EXPLOIT-DB
31606
third-party-advisory
x_refsource_SECUNIA
30821
vdb-entry
x_refsource_BID
ezcontents-link-file-include(44663)
vdb-entry
x_refsource_XF
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now