The scripts (1) createdir.php, (2) removedir.php and (3) uploadfile.php for ezContents 1.41 and previous versions do not check credentials, which allows remote malicious users to create or delete directories and upload files via a direct HTTP POST request.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
visualshapers ezcontents |
Vulmon