Vulnerabilities > CVE-2004-0030 - Inclusion of Functionality from Untrusted Control Sphere vulnerability in PHPgedview 2.61

047910
CVSS 9.8 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
phpgedview
CWE-829
critical
exploit available
NVD
Published: 2004-01-20
Updated: 2024-02-08

Summary

PHP remote file inclusion vulnerability in (1) functions.php, (2) authentication_index.php, and (3) config_gedcom.php for PHPGEDVIEW 2.61 allows remote attackers to execute arbitrary PHP code by modifying the PGV_BASE_DIRECTORY parameter to reference a URL on a remote web server that contains the code.

Vulnerable Configurations

Part Description Count
Application
Phpgedview
1

Common Weakness Enumeration (CWE)

Exploit-Db

descriptionPhpGedView 2.61 Multiple PHP Remote File Include Vulnerabilities. CVE-2004-0030. Webapps exploit for php platform
idEDB-ID:23520
last seen2016-02-02
modified2004-01-06
published2004-01-06
reporterWindak
sourcehttps://www.exploit-db.com/download/23520/
titlePhpGedView 2.61 - Multiple PHP Remote File Include Vulnerabilities

References