EZDatabase 2.1.2 - 'index.php?p' Local File Inclusion

EDB-ID:

26853




Platform:

PHP

Date:

2005-12-16


source: https://www.securityfocus.com/bid/15908/info

ezDatabase is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.

ezDatabase is prone to an SQL injection vulnerability and a local file include vulnerability. Successful exploitation of these issues may result in the disclosure of sensitive information, a compromise of the database or the execution of arbitrary local server-side script code. This may facilitate a compromise of the underlying system; other attacks are also possible.

This issue affects version 2.1.2; other versions may also be affected.

http://www.example.com/index.php?p=../Local file