CVE-2004-0132

Multiple PHP remote file inclusion vulnerabilities in ezContents 2.0.2 and earlier allow remote attackers to execute arbitrary PHP code from a remote web server, as demonstrated using (1) the GLOBALS[rootdp] parameter to db.php, or (2) the GLOBALS[language_home] parameter to archivednews.php, and a malicious version of lang_admin.php.

Published: Mar 3, 2004
Updated: Apr 13, 2023
CVE: CVE-2004-0132
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
visualshapers / ezcontents	1.45	1.45.x
visualshapers / ezcontents	2.0_rc2	2.0_rc2.x
visualshapers / ezcontents	1.40	1.40.x
visualshapers / ezcontents	1.41	1.41.x
visualshapers / ezcontents	1.43	1.43.x
visualshapers / ezcontents	1.45b	1.45b.x
visualshapers / ezcontents	2.0.2	2.0.2.x
visualshapers / ezcontents	2.0_rc1	2.0_rc1.x
visualshapers / ezcontents	2.0.1	2.0.1.x
visualshapers / ezcontents	2.0_rc3	2.0_rc3.x
visualshapers / ezcontents	1.44	1.44.x
visualshapers / ezcontents	1.42	1.42.x

Vulnerability Database

291,049

CVE-2004-0132