Detections
Analytics

CVE-2005-4469

critical

Description

Multiple direct static code injection vulnerabilities in PHPGedView 3.3.7 and earlier allow remote attackers to execute arbitrary PHP code via (1) the username field in login.php, or the (2) user_language, (3) user_email, and (4) user_gedcomid parameters in login_register.php, which is directly inserted into authenticate.php.

References

https://sourceforge.net/tracker/index.php?func=detail&aid=1386434&group_id=55456&atid=477081

https://exchange.xforce.ibmcloud.com/vulnerabilities/23873

http://www.vupen.com/english/advisories/2005/3033

http://www.securityfocus.com/bid/15983

http://www.securityfocus.com/archive/1/419906/100/0/threaded

http://www.osvdb.org/22010

http://securitytracker.com/id?1015395

http://secunia.com/advisories/18177

http://cvs.sourceforge.net/viewcvs.py/phpgedview/phpGedView/login_register.php?r1=1.71.2.36&r2=1.71.2.37

http://cvs.sourceforge.net/viewcvs.py/phpgedview/phpGedView/login_register.php?r1=1.71.2.35&r2=1.71.2.36

Details

Source: Mitre, NVD

Published: 2005-12-22

Updated: 2018-10-19

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical