Lucene search

[email protected]CVE-2004-0127

HistoryMar 03, 2004 - 5:00 a.m.

CVE-2004-0127

2004-03-0305:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve

2004

directory traversal

vulnerability

phpgedview

remote attackers

arbitrary files

arbitrary php programs

7.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.018 Low

EPSS

Percentile

88.0%

JSON

Directory traversal vulnerability in editconfig_gedcom.php for phpGedView 2.65.1 and earlier allows remote attackers to read arbitrary files or execute arbitrary PHP programs on the server via … (dot dot) sequences in the gedcom_config parameter.

CPENameOperatorVersion
phpgedview:phpgedviewphpgedvieweq2.65
phpgedview:phpgedviewphpgedvieweq2.61
phpgedview:phpgedviewphpgedvieweq2.61.1
phpgedview:phpgedviewphpgedvieweq2.65.1
phpgedview:phpgedviewphpgedvieweq2.52.3
phpgedview:phpgedviewphpgedvieweq2.60

CPE	Name	Operator	Version
phpgedview:phpgedview	phpgedview	eq	2.65
phpgedview:phpgedview	phpgedview	eq	2.61
phpgedview:phpgedview	phpgedview	eq	2.61.1
phpgedview:phpgedview	phpgedview	eq	2.65.1
phpgedview:phpgedview	phpgedview	eq	2.52.3
phpgedview:phpgedview	phpgedview	eq	2.60

References

secunia.com/advisories/10753/

www.osvdb.org/displayvuln.php?osvdb_id=3768

www.securityfocus.com/archive/1/352355

www.securityfocus.com/bid/9529

www.securitytracker.com/id?1008892

exchange.xforce.ibmcloud.com/vulnerabilities/15129

7.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.018 Low

EPSS

Percentile

88.0%

JSON

Related for CVE-2004-0127

nessus1