CVE-2005-4467 | Vulnerability Database | Aqua Security

Directory traversal vulnerability in help_text_vars.php in PHPGedView 3.3.7 and earlier allows remote attackers to read and include arbitrary files via a .. (dot dot) in the PGV_BASE_DIRECTORY parameter.

Affected Software

Name	Vendor	Start Version	End Version
Phpgedview	Phpgedview	2.52.3 (including)	2.52.3 (including)
Phpgedview	Phpgedview	2.60 (including)	2.60 (including)
Phpgedview	Phpgedview	2.61 (including)	2.61 (including)
Phpgedview	Phpgedview	2.61.1 (including)	2.61.1 (including)
Phpgedview	Phpgedview	2.65 (including)	2.65 (including)
Phpgedview	Phpgedview	2.65.1 (including)	2.65.1 (including)
Phpgedview	Phpgedview	2.65.2 (including)	2.65.2 (including)
Phpgedview	Phpgedview	2.65_beta5 (including)	2.65_beta5 (including)
Phpgedview	Phpgedview	3.3.7 (including)	3.3.7 (including)

References

http://cvs.sourceforge.net/viewcvs.py/phpgedview/phpGedView/help_text_vars.php?r1=1.63\u0026r2=1.64
http://rgod.altervista.org/phpgedview_337_xpl.html
http://secunia.com/advisories/18177
http://securitytracker.com/id?1015395
http://www.osvdb.org/22009
http://www.securityfocus.com/archive/1/419906/100/0/threaded
http://www.securityfocus.com/bid/15983
http://www.vupen.com/english/advisories/2005/3033
https://exchange.xforce.ibmcloud.com/vulnerabilities/23871
https://sourceforge.net/tracker/index.php?func=detail\u0026aid=1386434\u0026group_id=55456\u0026atid=477081
http://cvs.sourceforge.net/viewcvs.py/phpgedview/phpGedView/help_text_vars.php?r1=1.63\u0026r2=1.64
http://rgod.altervista.org/phpgedview_337_xpl.html
http://secunia.com/advisories/18177
http://securitytracker.com/id?1015395
http://www.osvdb.org/22009
http://www.securityfocus.com/archive/1/419906/100/0/threaded
http://www.securityfocus.com/bid/15983
http://www.vupen.com/english/advisories/2005/3033
https://exchange.xforce.ibmcloud.com/vulnerabilities/23871
https://sourceforge.net/tracker/index.php?func=detail\u0026aid=1386434\u0026group_id=55456\u0026atid=477081

NVD	https://nvd.nist.gov/vuln/detail/CVE-2005-4467
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html