Описание
PHP remote file inclusion vulnerability in ezUserManager 1.6 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the ezUserManager_Path parameter to ezusermanager_pwd_forgott.php, possibly due to an issue in ezusermanager_core.inc.php.
Комментарий
The vulnerability has been confirmed in version 1.6 and the vendor states that only version 1.6 is affected. Successful exploitation requires that "register_globals" is enabled.
Ссылки
- ExploitPatchVendor Advisory
- Exploit
- ExploitPatchVendor Advisory
- Exploit
Уязвимые конфигурации
Одно из
EPSS
5.1 Medium
CVSS2
Дефекты
Связанные уязвимости
PHP remote file inclusion vulnerability in ezUserManager 1.6 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the ezUserManager_Path parameter to ezusermanager_pwd_forgott.php, possibly due to an issue in ezusermanager_core.inc.php.
EPSS
5.1 Medium
CVSS2