Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-2538

Overview

Vulnerability Score 6.5 6.5
CVE Id CVE-2004-2538
Last Modified 05 Sep 2008 04:44:25
Published 31 Dec 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2004-2538

Summary

Direct static code injection vulnerability in the PCG simple application generation in phpCodeGenie before 3.0.2 allows remote authenticated users to execute arbitrary code via the (1) header or (2) footer.

Vulnerable Systems

Application

  • Nilesh Dosooye Phpcodegenie 1.1

  • Nilesh Dosooye Phpcodegenie 1.21

  • Nilesh Dosooye Phpcodegenie 1.4

  • Nilesh Dosooye Phpcodegenie 3.0 Alpha

  • Nilesh Dosooye Phpcodegenie 3.0 Beta

  • Nilesh Dosooye Phpcodegenie 3.0.1


References

BID - 11524

SECTRACK - 1011911

SECUNIA - 12853

XF - phpcodegenie-header-footer-command-execution(17848)

OSVDB - 11102

CONFIRM - http://phpcodegenie.sourceforge.net/phpCodeGenie/docs/ChangeLog.txt


Last Updated: 27 May 2016 10:39:30