Multiple PHP remote file inclusion vulnerabilities in ezContents 2.0.2 and earlier allow remote attackers to execute arbitrary PHP code from a remote web server, as demonstrated using (1) the GLOBALS[rootdp] parameter to db.php, or (2) the GLOBALS[language_home] parameter to archivednews.php, and a malicious version of lang_admin.php.

Name | Vendor | Start Version | End Version |
---|---|---|---|
Ezcontents | Visualshapers | 1.40 (including) | 1.40 (including) |
Ezcontents | Visualshapers | 1.41 (including) | 1.41 (including) |
Ezcontents | Visualshapers | 1.42 (including) | 1.42 (including) |
Ezcontents | Visualshapers | 1.43 (including) | 1.43 (including) |
Ezcontents | Visualshapers | 1.44 (including) | 1.44 (including) |
Ezcontents | Visualshapers | 1.45 (including) | 1.45 (including) |
Ezcontents | Visualshapers | 1.45b (including) | 1.45b (including) |
Ezcontents | Visualshapers | 2.0.1 (including) | 2.0.1 (including) |
Ezcontents | Visualshapers | 2.0.2 (including) | 2.0.2 (including) |
Ezcontents | Visualshapers | 2.0_rc1 (including) | 2.0_rc1 (including) |
Ezcontents | Visualshapers | 2.0_rc2 (including) | 2.0_rc2 (including) |
Ezcontents | Visualshapers | 2.0_rc3 (including) | 2.0_rc3 (including) |