Vulnerability Details CVE-2006-0214
Eval injection vulnerability in ezDatabase 2.0 and earlier allows remote attackers to execute arbitrary PHP code via the db_id parameter to visitorupload.php, as demonstrated using phpinfo and include function calls.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.023
EPSS Ranking 84.2%
CVSS Severity
CVSS v2 Score 7.5
References
- http://pridels0.blogspot.com/2006/01/ezdatabase-20-and-below.html
- http://secunia.com/advisories/18043
- http://securityreason.com/securityalert/351
- http://www.securityfocus.com/bid/16237
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24136
- http://pridels0.blogspot.com/2006/01/ezdatabase-20-and-below.html
- http://secunia.com/advisories/18043
- http://securityreason.com/securityalert/351
- http://www.securityfocus.com/bid/16237
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24136
Products affected by CVE-2006-0214
-
cpe:2.3:a:indexcor:ezdatabase:2.0
-
cpe:2.3:a:indexcor:ezdatabase:2.1.2