Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2005-4469
Last Modified 07 Mar 2011 09:28:21
Published 21 Dec 2005 07:03:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

Summary

Multiple direct static code injection vulnerabilities in PHPGedView 3.3.7 and earlier allow remote attackers to execute arbitrary PHP code via (1) the username field in login.php, or the (2) user_language, (3) user_email, and (4) user_gedcomid parameters in login_register.php, which are directly inserted into authenticate.php.

Vulnerable Systems

Application

  • Phpgedview 2.52.3

  • Phpgedview 2.60

  • Phpgedview 2.61

  • Phpgedview 2.61.1

  • Phpgedview 2.65

  • Phpgedview 2.65 Beta5

  • Phpgedview 2.65.1

  • Phpgedview 2.65.2

  • Phpgedview 3.3.7


References

BID - 15983

SECUNIA - 18177

CONFIRM - http://cvs.sourceforge.net/viewcvs.py/phpgedview/phpGedView/login_register.php?r1=1.71.2.36&r2=1.71.2.37

CONFIRM - http://cvs.sourceforge.net/viewcvs.py/phpgedview/phpGedView/login_register.php?r1=1.71.2.35&r2=1.71.2.36

CONFIRM - https://sourceforge.net/tracker/index.php?func=detail&aid=1386434&group_id=55456&atid=477081

VUPEN - ADV-2005-3033

BUGTRAQ - 20051220 PHPGedView <= 3.3.7 remote code execution

MISC - http://rgod.altervista.org/phpgedview_337_xpl.html

XF - phpgedview-multi-field-xss(23873)

OSVDB - 22010

SECTRACK - 1015395


Last Updated: 27 May 2016 10:41:18