CVE-2004-0132

Name of the Vulnerable Software and Affected Versions ezContents versions 2.0.2 and earlier

Description The issue allows remote attackers to execute arbitrary PHP code from a remote web server. This can be achieved by exploiting the GLOBALS[rootdp] parameter in the "db.php" endpoint or the GLOBALS[language home] parameter in the "archivednews.php" endpoint, potentially by using a malicious version of "lang admin.php".

Recommendations For ezContents versions 2.0.2 and earlier, as a temporary workaround, consider restricting access to the "db.php" and "archivednews.php" endpoints to minimize the risk of exploitation. Avoid using the GLOBALS[rootdp] and GLOBALS[language home] parameters in these endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.