CVE-2002-1087

Name of the Vulnerable Software and Affected Versions: ezContents versions 1.41 and earlier

Description: The issue concerns the scripts createdir.php, removedir.php, and uploadfile.php, which do not check credentials. This allows remote attackers to create or delete directories and upload files via a direct HTTP POST request to endpoints such as "createdir.php", "removedir.php", and "uploadfile.php".

Recommendations: For ezContents versions 1.41 and earlier, as a temporary workaround, consider disabling the createdir.php, removedir.php, and uploadfile.php scripts until a patch is available. Restrict access to these scripts to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.