CVE-2006-0315

CVE-2006-0315 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:N

index.php in EZDatabase before 2.1.2 does not properly cleanse the p parameter before constructing and including a .php filename, which allows remote attackers to conduct directory traversal attacks, and produces resultant cross-site scripting (XSS) and path disclosure.

Learn more about our Web Application Penetration Testing UK.