CVE-2008-3575

ezcontents_cms - Remote Code Execution via GLOBALS[gsLanguage] Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-3575. PoCs published by HACKERS PAL.

AI-analyzed exploit summary This exploit demonstrates a remote file inclusion vulnerability in ezContents CMS by manipulating the `GLOBALS[rootdp]` and `GLOBALS[gsLanguage]` parameters to include and execute arbitrary PHP code from a remote server.

Description

PHP remote file inclusion vulnerability in modules/calendar/minicalendar.php in ezContents CMS allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[gsLanguage] parameter, a different vector than CVE-2006-4477 and CVE-2004-0132.

Exploits (1)

exploitdb WORKING POC VERIFIED
by HACKERS PAL · textwebappsphp
https://www.exploit-db.com/exploits/32116

This exploit demonstrates a remote file inclusion vulnerability in ezContents CMS by manipulating the `GLOBALS[rootdp]` and `GLOBALS[gsLanguage]` parameters to include and execute arbitrary PHP code from a remote server.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: ezContents CMS
No auth needed
Prerequisites: Remote server hosting malicious PHP code · Network access to the target application
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/4130
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/494755/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/44480

Scores

EPSS 0.0227
EPSS Percentile 80.8%

Details

CWE
CWE-94
Status published
Products (1)
ezcontents/ezcontents_cms
Published Aug 10, 2008
Tracked Since Feb 18, 2026