← back
CVE-2005-4469

CVE-2005-4469

EPSS 2.7%
Multiple direct static code injection vulnerabilities in PHPGedView 3.3.7 and earlier allow remote attackers to execute arbitrary PHP code via (1) the username field in login.php, or the (2) user_language, (3) user_email, and (4) user_gedcomid parameters in login_register.php, which is directly inserted into authenticate.php.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://cvs.sourceforge.net/viewcvs.py/phpgedview/phpGedView/login_register.php?r1=1.71.2.35&r2=1.71.2.36http://cvs.sourceforge.net/viewcvs.py/phpgedview/phpGedView/login_register.php?r1=1.71.2.36&r2=1.71.2.37http://rgod.altervista.org/phpgedview_337_xpl.htmlhttp://secunia.com/advisories/18177http://securitytracker.com/id?1015395https://exchange.xforce.ibmcloud.com/vulnerabilities/23873https://sourceforge.net/tracker/index.php?func=detail&aid=1386434&group_id=55456&atid=477081http://www.osvdb.org/22010http://www.securityfocus.com/archive/1/419906/100/0/threadedhttp://www.securityfocus.com/bid/15983http://www.vupen.com/english/advisories/2005/3033