CVE-2005-4469

EPSS 2.7%

Multiple direct static code injection vulnerabilities in PHPGedView 3.3.7 and earlier allow remote attackers to execute arbitrary PHP code via (1) the username field in login.php, or the (2) user_language, (3) user_email, and (4) user_gedcomid parameters in login_register.php, which is directly inserted into authenticate.php.

Produtos afetados

n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

http://cvs.sourceforge.net/viewcvs.py/phpgedview/phpGedView/login_register.php?r1=1.71.2.35&r2=1.71.2.36 http://cvs.sourceforge.net/viewcvs.py/phpgedview/phpGedView/login_register.php?r1=1.71.2.36&r2=1.71.2.37 http://rgod.altervista.org/phpgedview_337_xpl.html http://secunia.com/advisories/18177 http://securitytracker.com/id?1015395 https://exchange.xforce.ibmcloud.com/vulnerabilities/23873 https://sourceforge.net/tracker/index.php?func=detail&aid=1386434&group_id=55456&atid=477081 http://www.osvdb.org/22010 http://www.securityfocus.com/archive/1/419906/100/0/threaded http://www.securityfocus.com/bid/15983 http://www.vupen.com/english/advisories/2005/3033