CVE-2006-4477

Name of the Vulnerable Software and Affected Versions Visual Shapers ezContents version 2.0.3

Description The issue allows remote attackers to execute arbitrary PHP code. This can be achieved via an empty GLOBALS[rootdp] parameter and an ftps URL in the GLOBALS[admin home] parameter in several PHP files, including "diary/event list.php", "gallery/gallery summary.php", "guestbook/showguestbook.php", "links/showlinks.php", and "reviews/review summary.php". Additionally, it can be exploited through the GLOBALS[language home] parameter in files such as "calendar/calendar.php", "news/shownews.php", "poll/showpoll.php", "search/search.php", "toprated/toprated.php", and "whatsnew/whatsnew.php".

Recommendations For Visual Shapers ezContents version 2.0.3, consider disabling the GLOBALS[admin home] and GLOBALS[language home] parameters in the affected PHP files until a patch is available. Restrict access to the vulnerable parameters GLOBALS[rootdp] to minimize the risk of exploitation. Avoid using ftps URLs in the affected parameters until the issue is resolved.