CyberSec.Space Logo
CVEブラウザに戻る

CVE-2004-0030

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0610%
EPSS Percentile4.81th
Published2004年1月20日
Last Modified2026年4月16日

Vulnerability Description

PHP remote file inclusion vulnerability in (1) functions.php, (2) authentication_index.php, and (3) config_gedcom.php for PHPGEDVIEW 2.61 allows remote attackers to execute arbitrary PHP code by modifying the PGV_BASE_DIRECTORY parameter to reference a URL on a remote web server that contains the code.

Affected Platforms (CPE)

📦
Phpgedview

Phpgedview

= 2.61

References & Advisories

🔗 http://marc.info/?l=bugtraq&m=107340840209453&w=2
🔗 http://secunia.com/advisories/10565
🔗 http://www.osvdb.org/3343
🔗 http://www.securityfocus.com/bid/9368
🔗 http://www.securitytracker.com/id?1008632
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/14159
🔗 http://marc.info/?l=bugtraq&m=107340840209453&w=2
🔗 http://secunia.com/advisories/10565

関連する脆弱性情報

CVE-2008-206410.0

Multiple unspecified vulnerabilities in PhpGedView before 4.1.5 have unknown impact and attack vectors related to "a fundamental d...

CVE-2004-01287.5

PHP remote file inclusion vulnerability in the GEDCOM configuration script for phpGedView 2.65.1 and earlier allows remote attacke...

CVE-2004-00657.5

Multiple SQL injection vulnerabilities in phpGedView before 2.65 allow remote attackers to execute arbitrary SQL via (1) timeline....

CVE-2004-00317.5

PHPGEDVIEW 2.61 allows remote attackers to reinstall the software and change the administrator password via a direct HTTP request ...