Vulnerabilities > CVE-2004-0030 - Inclusion of Functionality from Untrusted Control Sphere vulnerability in PHPgedview 2.61
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
PHP remote file inclusion vulnerability in (1) functions.php, (2) authentication_index.php, and (3) config_gedcom.php for PHPGEDVIEW 2.61 allows remote attackers to execute arbitrary PHP code by modifying the PGV_BASE_DIRECTORY parameter to reference a URL on a remote web server that contains the code.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Common Weakness Enumeration (CWE)
Exploit-Db
description | PhpGedView 2.61 Multiple PHP Remote File Include Vulnerabilities. CVE-2004-0030. Webapps exploit for php platform |
id | EDB-ID:23520 |
last seen | 2016-02-02 |
modified | 2004-01-06 |
published | 2004-01-06 |
reporter | Windak |
source | https://www.exploit-db.com/download/23520/ |
title | PhpGedView 2.61 - Multiple PHP Remote File Include Vulnerabilities |
References
- http://marc.info/?l=bugtraq&m=107340840209453&w=2
- http://marc.info/?l=bugtraq&m=107340840209453&w=2
- http://secunia.com/advisories/10565
- http://secunia.com/advisories/10565
- http://www.osvdb.org/3343
- http://www.osvdb.org/3343
- http://www.securityfocus.com/bid/9368
- http://www.securityfocus.com/bid/9368
- http://www.securitytracker.com/id?1008632
- http://www.securitytracker.com/id?1008632
- https://exchange.xforce.ibmcloud.com/vulnerabilities/14159
- https://exchange.xforce.ibmcloud.com/vulnerabilities/14159