CVE-2004-0030

CRITICAL9.8

PHP remote file inclusion vulnerability in (1) functions

Published Jan 8, 2004

Modified 1 years ago

No fix available

Details

PHP remote file inclusion vulnerability in (1) functions.php, (2) authentication_index.php, and (3) config_gedcom.php for PHPGEDVIEW 2.61 allows remote attackers to execute arbitrary PHP code by modifying the PGV_BASE_DIRECTORY parameter to reference a URL on a remote web server that contains the code.

References

WEBhttp://marc.info/?l=bugtraq&m=107340840209453&w=2 ADVISORYhttp://secunia.com/advisories/10565 WEBhttp://www.osvdb.org/3343 WEBhttp://www.securityfocus.com/bid/9368 WEBhttp://www.securitytracker.com/id?1008632 WEBhttps://exchange.xforce.ibmcloud.com/vulnerabilities/14159 ADVISORYhttps://www.cve.org/CVERecord?id=CVE-2004-0030

CVSS Analysis

CVSS v3.1

9.8

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

LowAC:L

Privileges Required

NonePR:N

User Interaction

NoneUI:N

Scope

UnchangedS:U

Impact

Confidentiality

HighC:H

Integrity

HighI:H

Availability

HighA:H

9.8/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Ecosystems

Timeline

PublishedJan 8, 2004

ModifiedAug 8, 2024