index.php in EZDatabase before 2.1.2 does not properly cleanse the p parameter before constructing and including a .php filename, which allows remote attackers to conduct directory traversal attacks, and produces resultant cross-site scripting (XSS) and path disclosure.
References
Configurations
History
No history.
Information
Published : 2006-01-19 01:03
Updated : 2024-02-04 16:52
NVD link : CVE-2006-0315
Mitre link : CVE-2006-0315
CVE.ORG link : CVE-2006-0315
JSON object : View
Products Affected
indexcor
- ezdatabase
CWE