• News ▼
      • netVigilance News
      • Media Coverage
      • Press Releases
      • Events
  • Support ▼
      • Report a bug
      • Security Advisories
      • Service Level Agreement (SLA)
      • Software Updates
      • Free Scanner Downloads
      • FAQ
  • Corporate ▼
      • About
      • Management
      • Careers
      • Press Releases
  • Contact Us   ►        
Search
  • PCI
      • PCI

      • netVigilance PCI Scan - Cloud
      • netVigilance Total Coverage with PCI
      • netVigilance External Scan with PCI
  • Products
      • Products

      • netVigilance Total Coverage
      • netVigilance Total Coverage with PCI
      • netVigilance PCI Scan - Cloud
      • netVigilance WebScan - Cloud
      • netVigilance External Scan - Cloud
      • netVigilance Internal Scan - Windows
      • netVigilance Internal Scan - Cloud
      • netVigilance Internal Scan - Enterprise
      • netVigilance Scan - Service Provider
      • netVigilance Closed Loop Remediation Option
  • Partners
      • Partners

      • Authorized Partners
      • Reselling PCI
      • Become a Partner
      • Integration Partners
  • Resources
      • Literature

      • Case Stories
      • Testimonials
      • Fact Sheets (Datasheets)
      • White Papers
      • FAQ
      • PassPCI wiki
      • Compliance

      • Sarbanes-Oxley
      • HIPAA
      • CVSS
      • PCI
      • News

      • netVigilance News (Scoutnews)
      • Media Coverage
      • Press Releases
      • Security and Support Centre

      • Report a bug
      • Security Advisories
      • Service Level Agreement (SLA)
      • Software Updates
      • Free Scanner Downloads
      • Archive

      • Past Press Releases
  • Compliance
      • Compliance

      • Sarbanes-Oxley
      • HIPAA
      • CVSS
      • PCI
  • Case Stories
      • Case Stories

      • Testimonials
  • Buy Now

 

 

 

 

 

CVE Logo

 

 

 

Best Security Research

 »  netVigilance is an active contributor to nvd.nist.gov
 
 » Every vulnerability in our database is independently scored according to CVSS 2.0
 
 » Our Scoring is compared to nvd.nist.gov and inconsistencies are reported to the NVD team at NIST
 
 »

netVigilance is responsible for more than 400 changes to the National Vulnerability Database - more than anyone else.
 

 » Our Professional Services team will validate any vulnerability Scoring for you.
 
netVigilance Security Advisory
 
 
 
Arbitrary File Disclosure Vulnerability in
 
phpGedView 2.65.1 and prior
Home » Security Advisory 3 - CVE-2004-0127
*

Fact: More than 15 vulnerabilities were discovered EVERY day of 2009

Description:

Directory traversal vulnerability in editconfig_gedcom.php for phpGedView 2.65.1 and earlier allows remote attackers to read arbitrary files or execute arbitrary PHP programs on the server via .. (dot dot) sequences in the gedcom_config parameter.

External References: 
Mitre CVE: CVE-2004-0127
BUGTRAQ: 20040129 PHP Code Injection Vulnerabilities in phpGedView 2.65.1 and prior

Summary: 
phpGedView is an open source system for online viewing of Gedcom information (family tree and genealogy information). Multiple PHP Code Injection vulnerabilities exist in the phpGedView product. They enable a malicious user to access any file on the server.

Release Date:
January 29 2004

Severity:
High

SecureScout Testcase ID:
TC 17867 (released Feb 6th)

Vulnerable Systems:
phpGedView version 2.65.1 and prior

Vulnerability Type:
Directory Traversal - Allowing the Attacker to read any file on the Target Server via the .. (dot dot) Sequence.

Vendor Status: 
The Vendor has been notified and has Released a Version 2.65.3 that fixes the problem

Example: 
(HIGH Risk BUT user must be Admin)

- -- HTTP Request --

http://[target]/[phpGedView-directory]/editconfig_gedcom.php?gedcom_config=../../../../../../etc/passwd
or
http://[target]/[phpGedView-directory]/editconfig_gedcom.php
POSTDATA: gedcom_config=../../../../../../etc/passwd

- -- HTTP Request --

Code impacted : editconfig_gedcom.php

61:if (empty($gedcom_config)) {
62: if (!empty($_POST["gedcom_config"])) $gedcom_config = $_POST["gedcom_config"];
63: else $gedcom_config = "config_gedcom.php";
64:}
65:
66:require($gedcom_config);

The both GET/POST requests will work even if PHP register_globals is Off.

Credits: 
Cedric Cochin - netVigilance Vulnerability Research team



back to Security Advisories 

 

Copyright©2004-2011,  netVigilance, Inc.   All rights reserved  • Privacy Policy

netVigilance©