index.php in EZDatabase before 2.1.2 does not properly cleanse the p parameter before constructing and including a .php filename, which allows remote attackers to conduct directory traversal attacks, and produces resultant cross-site scripting (XSS) and path disclosure.
References
Configurations
Information
Published : 2006-01-18 17:03
Updated : 2018-10-19 08:44
NVD link : CVE-2006-0315
Mitre link : CVE-2006-0315
JSON object : View
CWE
Products Affected
indexcor
- ezdatabase