Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
index.php in ezDatabase 2.1.2 and earlier allows remote attackers to obtain sensitive information via an invalid cat_id parameter, which leaks the full pathname in an error message. NOTE: these details are uncertain because the original report has terminology problems and lack of relevant details. The description is based partially on feedback comments.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
EZDatabase多个输入验证漏洞
Vulnerability Description
EZDatabase是用PHP和MySQL编写的在线数据库程序。 EZDatabase中存在多个输入验证错误,如下: 1. 没有正确验证对"p"参数的输入,可能导致包含本地资源的任意文件; 2. 没有正确验证对"db_id"参数的输入,可能导致通过注入任意SQL代码来操控SQL查询; 3. 没有正确验证对"cat_id"参数的输入,可能导致泄漏完整的安装路径。
CVSS Information
N/A
Vulnerability Type
N/A