CVE-2008-2920

Eztechhelp Ezcms < 1.2 - Authentication Bypass

Title source: rule

Description

admin/filemanager/ (aka the File Manager) in EZTechhelp EZCMS 1.2 and earlier does not require authentication, which allows remote attackers to create, modify, read, and delete files.

Exploits (1)

exploitdb WRITEUP VERIFIED

by t0pP8uZz · textwebappsphp

https://www.exploit-db.com/exploits/5819

View Code ZIP pw:eip

References (4)

[Patch] http://ezcms.eztechhelp.com/index.php?page=3&nid=27

[Exploit, Patch] http://www.securityfocus.com/bid/29738

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/5819

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/43091

Scores

EPSS 0.0608

EPSS Percentile 90.6%

Classification

CWE

CWE-287

Status draft

Affected Products (1)

ezcms/eztechhelp_ezcms < 1.2

Timeline

Published Jun 30, 2008

Tracked Since Feb 18, 2026