CVE-2006-0315

EZDatabase < 2.1.1 - Directory Traversal and Cross-Site Scripting via p Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-0315. PoCs published by Josh Zlatin-Amishav.

AI-analyzed exploit summary The provided text describes a cross-site scripting (XSS) vulnerability in EZDatabase versions prior to 2.1.2. It includes a proof-of-concept URL demonstrating how arbitrary script code can be executed in the context of the affected site.

Description

index.php in EZDatabase before 2.1.2 does not properly cleanse the p parameter before constructing and including a .php filename, which allows remote attackers to conduct directory traversal attacks, and produces resultant cross-site scripting (XSS) and path disclosure.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Josh Zlatin-Amishav · textwebappsphp

https://www.exploit-db.com/exploits/27093

View Code ZIP pw:eip

The provided text describes a cross-site scripting (XSS) vulnerability in EZDatabase versions prior to 2.1.2. It includes a proof-of-concept URL demonstrating how arbitrary script code can be executed in the context of the affected site.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: EZDatabase < 2.1.2

No auth needed

Prerequisites: A vulnerable version of EZDatabase · User interaction to visit a crafted URL

MITRE ATT&CK