Vulnerabilities > CVE-2004-0127 - Directory Traversal vulnerability in PhpGedView Editconfig_gedcom.php

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

phpgedview

nessus

NVD

Published: 2004-03-03

Updated: 2017-07-11

Summary

Directory traversal vulnerability in editconfig_gedcom.php for phpGedView 2.65.1 and earlier allows remote attackers to read arbitrary files or execute arbitrary PHP programs on the server via .. (dot dot) sequences in the gedcom_config parameter.

Vulnerable Configurations

Part	Description	Count
Application	Phpgedview Phpgedview Phpgedview 2.52.3 Phpgedview Phpgedview 2.60 Phpgedview Phpgedview 2.61 Phpgedview Phpgedview 2.61.1 Phpgedview Phpgedview 2.65 Phpgedview Phpgedview 2.65.1	6

Nessus

NASL family	CGI abuses
NASL id	PHPGEDVIEW_DIRECTORY_TRAVERSAL.NASL
description	A vulnerability exists in the installed version of PhpGedView that may allow an attacker to read arbitrary files on the remote web server with the privileges of the web user. Another vulnerability could allow an attacker to include arbitrary PHP files hosted on a third-party website.
last seen	2020-06-01
modified	2020-06-02
plugin id	12034
published	2004-02-02
reporter	This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/12034
title	phpGedView Arbitrary File Access / Remote File Inclusion

Summary

Vulnerable Configurations

Nessus

References