Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple PHP remote file inclusion vulnerabilities in ezContents 2.0.2 and earlier allow remote attackers to execute arbitrary PHP code from a remote web server, as demonstrated using (1) the GLOBALS[rootdp] parameter to db.php, or (2) the GLOBALS[language_home] parameter to archivednews.php, and a malicious version of lang_admin.php.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
VisualShapers ezContents多个模块文件包含漏洞
Vulnerability Description
ezContents是一款开放源代码内容管理系统。 ezContents包含的多个模块对用户提交输入缺少充分过滤,远程攻击者可以利用这些漏洞进行SQL注入攻击,修改数据库及获得敏感数据。 问题是包含的'db.php'及'archivednews.php'脚本对用户提交的'GLOBALS[rootdp]'和'GLOBALS[language_home]'变量数据缺少充分过滤,提交指定远程服务器上的文件作为变量数据,可能以WEB进程权限执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A