Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple directory traversal vulnerabilities in ezContents 2.0.3 allow remote attackers to include and execute arbitrary local files via the (1) gsLanguage and (2) language_home parameters to modules/diary/showdiary.php; (3) admin_home, (4) gsLanguage, and (5) language_home parameters to modules/diary/showdiarydetail.php; (6) gsLanguage and (7) language_home parameters to modules/diary/submit_diary.php; (8) admin_home parameter to modules/news/news_summary.php; (9) nLink, (10) gsLanguage, and (11) language_home parameters to modules/news/inlinenews.php; and possibly other unspecified vectors in (12) diary/showeventlist.php, (13) gallery/showgallery.php, (14) reviews/showreviews.php, (15) gallery/showgallerydetails.php, (16) reviews/showreviewsdetails.php, (17) news/shownewsdetails.php, (18) gallery/submit_gallery.php, (19) guestbook/submit_guestbook.php, (20) reviews/submit_reviews.php, (21) news/submit_news.php, (22) diary/inlineeventlist.php, and (23) news/archivednews_summary.php in modules/, related to the lack of directory traversal protection in modules/moduleSec.php.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Visualshapers ezContents CMS多个目录遍历漏洞
Vulnerability Description
ezContents是一款开放源代码内容管理系统。 ezContents 存在多个目录遍历漏洞。远程攻击者可以借助(1)modules/diary/showdiary.php的 gsLanguage和language_home 参数; (2) modules/diary/showdiarydetail.php的admin_home、gsLanguage、language_home参数; (3) modules/diary/submit_diary.php的gsLanguage 和language_home
CVSS Information
N/A
Vulnerability Type
N/A