VID 21859
Severity 40
Port 80, ...
Protocol TCP
Class CGI
Detailed Description PhpGedView versions 3.3.7 and earlier contain multiple vulnerabilities. PhpGedView is a freely available Web-based program that displays genealogy information. The vulnerabilities are as follows:

1) Input passed to the "PGV_BASE_DIRECTORY" parameter in the "help_text_vars.php" script isn't properly verified before it is used to include files. This can be exploited to include arbitrary files from external and local resources, allowing a remote attacker to view arbitrary files or execute arbitrary code on the system. Successful exploitation requires that "register_globals" is enabled.
2) Input passed to the "user_language", "user_email", and "user_gedcomid" parameters when registering isn't properly sanitized before being stored in the "authenticate.php" script. This can be exploited to inject and execute arbitrary PHP code.
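
Added example (not part of the original advisory or of PhpGedView's code): a web access log check for issue 1 that flags requests to "help_text_vars.php" carrying "PGV_BASE_DIRECTORY" in the query string and classifies the supplied value. The log lines, addresses, host names and the /phpgedview/ install path are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Request line inside a common/combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
SCRIPT = "help_text_vars.php"
PARAM = "PGV_BASE_DIRECTORY"

# Constructed sample entries (documentation addresses, .invalid host names).
SAMPLE_LOG = [
    '192.0.2.10 - - [20/Dec/2005:10:01:02 +0000] "GET /phpgedview/index.php HTTP/1.1" 200 5120',
    '192.0.2.44 - - [20/Dec/2005:10:03:17 +0000] "GET /phpgedview/help_text_vars.php?PGV_BASE_DIRECTORY=http%3A%2F%2Fhost.example.invalid%2F HTTP/1.1" 200 312',
    '192.0.2.44 - - [20/Dec/2005:10:03:40 +0000] "GET /phpgedview/help_text_vars.php?PGV_BASE_DIRECTORY=..%2F..%2Fplaceholder%2F HTTP/1.0" 200 87',
    '192.0.2.10 - - [20/Dec/2005:10:05:00 +0000] "GET /phpgedview/help_text_vars.php HTTP/1.1" 200 900',
]

def classify(line):
    """Return None for unrelated lines, else (verdict, decoded_value)."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    # Decode the path so a percent-encoded script name still matches.
    if ("/" + SCRIPT) not in unquote(url.path).lower():
        return None
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        # PHP turns dots and spaces in parameter names into underscores.
        if re.sub(r"[ .]", "_", name) != PARAM:
            continue
        if re.match(r"[a-z][a-z0-9+.-]*://", value, re.I) or value.startswith("//"):
            return ("remote-include", value)
        if ".." in value or value.startswith(("/", "\\")) or "\x00" in value:
            return ("local-include", value)
        return ("param-set", value)
    return None

def scan(lines):
    """Return (line_number, verdict, value) for every flagged entry."""
    hits = []
    for number, line in enumerate(lines, start=1):
        result = classify(line)
        if result:
            hits.append((number, *result))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

With "register_globals" enabled, the same variable can also arrive in a POST body or a cookie, which access logs normally do not record, so a clean result here does not rule out attempts.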

* References:
http://retrogod.altervista.org/phpgedview_337_xpl.html
https://sourceforge.net/tracker/index.php?func=detail&aid=1386434&group_id=55456&atid=477081
http://archives.neohapsis.com/archives/bugtraq/2005-12/0243.html
http://secunia.com/advisories/18177/

* Platforms Affected:
John Finlay, PhpGedView version 3.3.7 and earlier versions
Any operating system Any version
Recommendation Upgrade to the latest version of PhpGedView (3.3.8 or later), available from the PhpGedView Web page at http://phpgedview.sourceforge.net/
Related URL CVE-2005-4467,CVE-2005-4468,CVE-2005-4469 (CVE)
Related URL 15983 (SecurityFocus)
Related URL 23871,23873 (ISS)