CVE Vulnerabilities

CVE-2005-4469

Published: Dec 22, 2005 | Modified: Oct 19, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

Multiple direct static code injection vulnerabilities in PHPGedView 3.3.7 and earlier allow remote attackers to execute arbitrary PHP code via (1) the username field in login.php, or the (2) user_language, (3) user_email, and (4) user_gedcomid parameters in login_register.php, which is directly inserted into authenticate.php.

Affected Software

Name Vendor Start Version End Version
Phpgedview Phpgedview 2.52.3 2.52.3
Phpgedview Phpgedview 2.60 2.60
Phpgedview Phpgedview 2.61 2.61
Phpgedview Phpgedview 2.61.1 2.61.1
Phpgedview Phpgedview 2.65 2.65
Phpgedview Phpgedview 2.65.1 2.65.1
Phpgedview Phpgedview 2.65.2 2.65.2
Phpgedview Phpgedview 2.65_beta5 2.65_beta5
Phpgedview Phpgedview * 3.3.7

References