3 matches found
EUVD-2011-0431
Malware in sbrugna...
PhpGedView module.php pgvaction Parameter Traversal Local File Inclusion
The web server hosts PhpGedView, a web-based real estate listing management application written in PHP. The version of PhpGedView installed on the remote host fails to sanitize user input to the 'pgvaction' parameter of the 'module.php' script before using it to include PHP code. Regardless of...
Directory traversal
Directory traversal vulnerability in module.php in PhpGedView 4.2.3 and possibly other versions, when magicquotesgpc is disabled, allows remote attackers to read arbitrary files via directory traversal sequences in the pgvaction parameter...