Check Point Advisories

Update Protection against ezDatabase Remote File Inclusion Vulnerability

Check Point Reference: CPAI-2006-026
Date Published: 26 Mar 2006
Severity: Medium
Last Updated: Monday 07 May, 2007
Source: SecurityFocus
Industry Reference: CVE-2006-0214
Protection Provided by:
Who is Vulnerable? ezDatabase 2.0 and earlier versions
Vulnerability Description: ezDatabase is a web-based application designed for creating online databases. A vulnerability in ezDatabase allows remote attackers to execute arbitrary PHP code via several parameters. Attackers may be able to disclose sensitive information and compromise an affected system.
Update/Patch Available: Update to version 2.1.3 at http://www.ezdatabase.org/member/index.php.
Vulnerability Details: The vulnerability is due to a failure to verify input passed to the "db_id" parameter in "visitorupload.php" before it is used in "eval()". This can be exploited to execute arbitrary PHP commands.
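
Added example (not part of the Check Point advisory or of ezDatabase): a log check for the condition described above, flagging requests to "visitorupload.php" whose "db_id" value is not a plain integer. The numeric allowlist, the "/ezdb/" path and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: legitimate db_id values are short decimal integers.
SAFE_DB_ID = re.compile(r"[0-9]{1,10}")
# Request line inside a combined-format access log entry.
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[0-9.]+"')

def suspicious_db_id(line):
    """Return the decoded db_id values in this log line that fail the allowlist."""
    m = REQUEST.search(line)
    if not m:
        return []
    url = urlsplit(m.group("target"))
    if not url.path.lower().endswith("/visitorupload.php"):
        return []
    # parse_qs percent-decodes values; keep_blank_values so "db_id=" is seen.
    values = parse_qs(url.query, keep_blank_values=True).get("db_id", [])
    # Every occurrence is checked, so a repeated parameter cannot hide a bad value.
    return [v for v in values if not SAFE_DB_ID.fullmatch(v)]

def scan(lines):
    """Return (line_number, offending_values) for every flagged line."""
    hits = []
    for n, line in enumerate(lines, 1):
        bad = suspicious_db_id(line)
        if bad:
            hits.append((n, bad))
    return hits

# Constructed sample log lines (documentation addresses, placeholder values).
SAMPLE_LOG = [
    '192.0.2.10 - - [26/Mar/2006:10:00:01 +0000] "GET /ezdb/visitorupload.php?db_id=7 HTTP/1.1" 200 512',
    '192.0.2.44 - - [26/Mar/2006:10:00:09 +0000] "GET /ezdb/visitorupload.php?db_id=7%3Bexample_call%28%29 HTTP/1.1" 200 512',
    '192.0.2.44 - - [26/Mar/2006:10:00:12 +0000] "GET /ezdb/visitorupload.php?db_id=3&db_id=x%24y HTTP/1.1" 200 512',
    '192.0.2.10 - - [26/Mar/2006:10:00:20 +0000] "GET /ezdb/index.php?db_id=abc HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for n, bad in scan(SAMPLE_LOG):
        print(f"line {n}: suspicious db_id {bad!r}")
```

Access logs normally record only the query string, so a "db_id" sent in a POST body is not visible to this check and needs inspection at the proxy, WAF or IPS layer.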

Protection Overview
