Vulnerabilities

CVE-2006-0315

by Fred · 18/01/2006

index.php in EZDatabase before 2.1.2 does not properly cleanse the p parameter before constructing and including a .php filename, which allows remote attackers to conduct directory traversal attacks, and produces resultant cross-site scripting (XSS) and path disclosure.

Date published : 2006-01-18

http://www.securityfocus.com/bid/16257

http://www.securityfocus.com/archive/1/422071/100/0/threaded

Similar

Tags: Cybersecurity Alert