Vulnerabilities > CVE-2004-0127 - Unspecified vulnerability in PHPgedview
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN phpgedview
nessus
Summary
Directory traversal vulnerability in editconfig_gedcom.php for phpGedView 2.65.1 and earlier allows remote attackers to read arbitrary files or execute arbitrary PHP programs on the server via .. (dot dot) sequences in the gedcom_config parameter.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 6 |
Nessus
| NASL family | CGI abuses |
| NASL id | PHPGEDVIEW_DIRECTORY_TRAVERSAL.NASL |
| description | A vulnerability exists in the installed version of PhpGedView that may allow an attacker to read arbitrary files on the remote web server with the privileges of the web user. Another vulnerability could allow an attacker to include arbitrary PHP files hosted on a third-party website. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 12034 |
| published | 2004-02-02 |
| reporter | This script is Copyright (C) 2004-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/12034 |
| title | phpGedView Arbitrary File Access / Remote File Inclusion |
References
- http://secunia.com/advisories/10753/
- http://secunia.com/advisories/10753/
- http://www.osvdb.org/displayvuln.php?osvdb_id=3768
- http://www.osvdb.org/displayvuln.php?osvdb_id=3768
- http://www.securityfocus.com/archive/1/352355
- http://www.securityfocus.com/archive/1/352355
- http://www.securityfocus.com/bid/9529
- http://www.securityfocus.com/bid/9529
- http://www.securitytracker.com/id?1008892
- http://www.securitytracker.com/id?1008892
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15129
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15129