CVE-2008-7054

Name of the Vulnerable Software and Affected Versions ezContents version 2.0.3

Description The issue is related to multiple directory traversal vulnerabilities that allow remote attackers to include and execute arbitrary local files. This is due to the lack of directory traversal protection in modules/moduleSec.php. The vulnerable parameters include gsLanguage, language home, admin home, and nLink in various PHP files such as showdiary.php, showdiarydetail.php, submit diary.php, news summary.php, and inlinenews.php. Other potential vectors exist in unspecified files within the modules/ directory.

Recommendations For ezContents version 2.0.3, consider disabling the vulnerable parameters gsLanguage, language home, admin home, and nLink in the affected PHP files until a patch is available. Restrict access to the modules/ directory to minimize the risk of exploitation. Avoid using the vulnerable parameters in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.