CVE-2005-4469 Information
Description
Multiple direct static code injection vulnerabilities in PHPGedView 3.3.7 and earlier allow remote attackers to execute arbitrary PHP code via (1) the username field in login.php or (2) the user_language, (3) user_email, and (4) user_gedcomid parameters in login_register.php, which are directly inserted into authenticate.php.
Reference
http://cvs.sourceforge.net/viewcvs.py/phpgedview/phpGedView/login_register.php?r1=1.71.2.35&r2=1.71.2.36
http://cvs.sourceforge.net/viewcvs.py/phpgedview/phpGedView/login_register.php?r1=1.71.2.36&r2=1.71.2.37
http://rgod.altervista.org/phpgedview_337_xpl.html
http://secunia.com/advisories/18177
http://securitytracker.com/id?1015395
http://www.osvdb.org/22010
http://www.securityfocus.com/archive/1/419906/100/0/threaded
http://www.securityfocus.com/bid/15983
http://www.vupen.com/english/advisories/2005/3033
https://exchange.xforce.ibmcloud.com/vulnerabilities/23873
https://sourceforge.net/tracker/index.php?func=detail&aid=1386434&group_id=55456&atid=477081