Intrusion Prevention

EZTicket.Common.PHP.Remote.File.Inclusion

Description

EZ-Ticket gv has a remote file inclusion overflow vulnerability. A remote attacker could execute arbitrary code on the vulnerable Web server by sending a specially crafted URL request to the common.php script, using the ezt_root_path parameter to include a malicious file from a remote system.

Affected Products

EZ-Ticket 0.0.1

Impact

Gain Access

Recommended Actions

Currently we are not aware of any vendor-supplied patches for this issue.
http://sourceforge.net/projects/ezt/

CVE References

CVE-2006-5523