High

CVE-2005-4468 - Unspecified vulnerability in multiple products

Publication: 2005-12-22

Summary

PHP remote file include vulnerability in help_text_vars.php in PHPGedView 3.3.7 and earlier allows remote attackers to execute arbitrary code via a URL in the PGV_BASE_DIRECTORY parameter.

Risk level (CVSS 7.5)

High

7.5

Access Vector

Network
Adjacent Network
Local

Access Complexity

Low
Medium
High

Authentication

None
Single
Multiple

Confident. Impact

Complete
Partial
None

Integrity Impact

Complete
Partial
None

References

http://cvs.sourceforge.net/viewcvs.py/phpgedview/phpGedView/help_text_vars.php?r1=1.63&r2=1.64
http://rgod.altervista.org/phpgedview_337_xpl.html
http://securitytracker.com/id?1015395
http://www.securityfocus.com/archive/1/419906/100/0/threaded
http://www.securityfocus.com/bid/15983
http://www.vupen.com/english/advisories/2005/3033
https://exchange.xforce.ibmcloud.com/vulnerabilities/23871
https://sourceforge.net/tracker/index.php?func=detail&aid=1386434&group_id=55456&atid=477081