CVE-2006-4478

Visualshapers Ezcontents - SQL Injection

Title source: rule

Description

SQL injection vulnerability in headeruserdata.php in Visual Shapers ezContents 2.0.3 allows remote attackers to execute arbitrary SQL commands via the groupname parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by DarkFig · textwebappsphp

https://www.exploit-db.com/exploits/28464

View Code ZIP pw:eip

References (8)

[Third Party Advisory, VDB Entry] http://www.osvdb.org/28320

[Exploit] http://www.securityfocus.com/bid/19777

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/28675

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/444779/100/0/threaded

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1016770

[Third Party Advisory] http://secunia.com/advisories/21703

[Third Party Advisory] http://www.vupen.com/english/advisories/2006/3420

[Third Party Advisory] http://securityreason.com/securityalert/1479

Scores

EPSS 0.0173

EPSS Percentile 82.2%

Classification

Status draft

Affected Products (1)

visualshapers/ezcontents

Timeline

Published Aug 31, 2006

Tracked Since Feb 18, 2026