CVE-2008-7055

Name of the Vulnerable Software and Affected Versions ezContents version 2.0.3

Description The issue allows remote attackers to bypass directory traversal protection and include and execute arbitrary local files. This is achieved by using "....//" (doubled dot dot slash) sequences in the link parameter, which is not properly filtered using the str replace function.

Recommendations For ezContents version 2.0.3, consider temporarily restricting access to the module.php file until a proper fix is applied, and ensure that the link parameter is properly sanitized to prevent directory traversal attacks.