CVE-2004-0127 | Vulnerability Database | Aqua Security

Directory traversal vulnerability in editconfig_gedcom.php for phpGedView 2.65.1 and earlier allows remote attackers to read arbitrary files or execute arbitrary PHP programs on the server via .. (dot dot) sequences in the gedcom_config parameter.

Affected Software

Name	Vendor	Start Version	End Version
Phpgedview	Phpgedview	2.52.3 (including)	2.52.3 (including)
Phpgedview	Phpgedview	2.60 (including)	2.60 (including)
Phpgedview	Phpgedview	2.61 (including)	2.61 (including)
Phpgedview	Phpgedview	2.61.1 (including)	2.61.1 (including)
Phpgedview	Phpgedview	2.65 (including)	2.65 (including)
Phpgedview	Phpgedview	2.65.1 (including)	2.65.1 (including)

References

http://secunia.com/advisories/10753/
http://www.osvdb.org/displayvuln.php?osvdb_id=3768
http://www.securityfocus.com/archive/1/352355
http://www.securityfocus.com/bid/9529
http://www.securitytracker.com/id?1008892
https://exchange.xforce.ibmcloud.com/vulnerabilities/15129
http://secunia.com/advisories/10753/
http://www.osvdb.org/displayvuln.php?osvdb_id=3768
http://www.securityfocus.com/archive/1/352355
http://www.securityfocus.com/bid/9529
http://www.securitytracker.com/id?1008892
https://exchange.xforce.ibmcloud.com/vulnerabilities/15129

NVD	https://nvd.nist.gov/vuln/detail/CVE-2004-0127
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html