Vulnerabilities > CVE-2004-0128 - Remote File Include vulnerability in PhpGedView [GED_File]_conf.php
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
PHP remote file inclusion vulnerability in the GEDCOM configuration script for phpGedView 2.65.1 and earlier allows remote attackers to execute arbitrary PHP code by modifying the PGV_BASE_DIRECTORY parameter to reference a URL on a remote web server that contains a malicious theme.php script.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 6 |
Exploit-Db
| description | PhpGedView 2.x [GED_File]_conf.php Remote File Include Vulnerability. CVE-2004-0128. Webapps exploit for php platform |
| id | EDB-ID:23617 |
| last seen | 2016-02-02 |
| modified | 2004-01-30 |
| published | 2004-01-30 |
| reporter | Cedric Cochin |
| source | https://www.exploit-db.com/download/23617/ |
| title | PhpGedView 2.x - GED_File_conf.php Remote File Include Vulnerability |
Nessus
| NASL family | CGI abuses |
| NASL id | PHPGEDVIEW_DIRECTORY_TRAVERSAL.NASL |
| description | A vulnerability exists in the installed version of PhpGedView that may allow an attacker to read arbitrary files on the remote web server with the privileges of the web user. Another vulnerability could allow an attacker to include arbitrary PHP files hosted on a third-party website. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 12034 |
| published | 2004-02-02 |
| reporter | This script is Copyright (C) 2004-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/12034 |
| title | phpGedView Arbitrary File Access / Remote File Inclusion |