EZDatabase
by EZDatabase
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2006-0315 | 0.03 | — | 0.05 | Jan 19, 2006 | index.php in EZDatabase before 2.1.2 does not properly cleanse the p parameter before constructing and including a .php filename, which allows remote attackers to conduct directory traversal attacks, and produces resultant cross-site scripting (XSS) and path disclosure. | |||
| CVE-2006-0214 | 0.03 | — | 0.03 | Jan 15, 2006 | Eval injection vulnerability in ezDatabase 2.0 and earlier allows remote attackers to execute arbitrary PHP code via the db_id parameter to visitorupload.php, as demonstrated using phpinfo and include function calls. | |||
| CVE-2005-4302 | 0.03 | — | 0.03 | Dec 17, 2005 | Directory traversal vulnerability in index.php in ezDatabase 2.1.2 and earlier allows remote attackers to include arbitrary local files via ".." sequences in the p parameter. | |||
| CVE-2005-4304 | 0.00 | — | 0.02 | Dec 17, 2005 | index.php in ezDatabase 2.1.2 and earlier allows remote attackers to obtain sensitive information via an invalid cat_id parameter, which leaks the full pathname in an error message. NOTE: these details are uncertain because the original report has terminology problems and lack… |
- CVE-2006-0315Jan 19, 2006risk 0.03cvss —epss 0.05
index.php in EZDatabase before 2.1.2 does not properly cleanse the p parameter before constructing and including a .php filename, which allows remote attackers to conduct directory traversal attacks, and produces resultant cross-site scripting (XSS) and path disclosure.
- CVE-2006-0214Jan 15, 2006risk 0.03cvss —epss 0.03
Eval injection vulnerability in ezDatabase 2.0 and earlier allows remote attackers to execute arbitrary PHP code via the db_id parameter to visitorupload.php, as demonstrated using phpinfo and include function calls.
- CVE-2005-4302Dec 17, 2005risk 0.03cvss —epss 0.03
Directory traversal vulnerability in index.php in ezDatabase 2.1.2 and earlier allows remote attackers to include arbitrary local files via ".." sequences in the p parameter.
- CVE-2005-4304Dec 17, 2005risk 0.00cvss —epss 0.02
index.php in ezDatabase 2.1.2 and earlier allows remote attackers to obtain sensitive information via an invalid cat_id parameter, which leaks the full pathname in an error message. NOTE: these details are uncertain because the original report has terminology problems and lack…