Eval injection vulnerability in ezDatabase 2.0 and previous versions allows remote malicious users to execute arbitrary PHP code via the db_id parameter to visitorupload.php, as demonstrated using phpinfo and include function calls.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
indexcor ezdatabase 2.0 |
||
indexcor ezdatabase 2.1.2 |