Detections
Analytics

phpGedView Arbitrary File Access / Remote File Inclusion

high Nessus Plugin ID 12034

Language:

Synopsis

A remote web application is affected by several flaws.

Description

A vulnerability exists in the installed version of PhpGedView that may allow an attacker to read arbitrary files on the remote web server with the privileges of the web user.

Another vulnerability could allow an attacker to include arbitrary PHP files hosted on a third-party website.

Solution

Upgrade to PhpGedView 2.65.2 or later.

See Also

http://www.netvigilance.com/advisory0003

Plugin Details

Severity: High

ID: 12034

File Name: phpgedview_directory_traversal.nasl

Version: 1.27

Type: remote

Family: CGI abuses

Published: 2/2/2004

Updated: 4/7/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.3

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:phpgedview:phpgedview

Required KB Items: www/PHP, www/phpgedview

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Vulnerability Publication Date: 1/28/2004

Reference Information

CVE: CVE-2004-0127, CVE-2004-0128

BID: 9529, 9531