CVE-2006-0214 Information

Description

Eval injection vulnerability in ezDatabase 2.0 and earlier allows remote attackers to execute arbitrary PHP code via the db_id parameter to visitorupload.php as demonstrated using phpinfo and include function calls.

Reference

http://pridels0.blogspot.com/2006/01/ezdatabase-20-and-below.html http://secunia.com/advisories/18043 http://securityreason.com/securityalert/351 http://www.securityfocus.com/bid/16237 https://exchange.xforce.ibmcloud.com/vulnerabilities/24136