Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

phpgedview phpgedview 2.65 vulnerabilities and exploits

(subscribe to this query)
7.5
CVSSv2
CVE-2004-0127
Directory traversal vulnerability in editconfig_gedcom.php for phpGedView 2.65.1 and previous versions allows remote malicious users to read arbitrary files or execute arbitrary PHP programs on the server via .. (dot dot) sequences in the gedcom_config parameter.
Phpgedview Phpgedview 2.65Phpgedview Phpgedview 2.65.1Phpgedview Phpgedview 2.61Phpgedview Phpgedview 2.61.1Phpgedview Phpgedview 2.52.3Phpgedview Phpgedview 2.60
7.5
CVSSv2
CVE-2004-0128
PHP remote file inclusion vulnerability in the GEDCOM configuration script for phpGedView 2.65.1 and previous versions allows remote malicious users to execute arbitrary PHP code by modifying the PGV_BASE_DIRECTORY parameter to reference a URL on a remote web server that contains...
Phpgedview Phpgedview 2.65.1Phpgedview Phpgedview 2.61.1Phpgedview Phpgedview 2.65Phpgedview Phpgedview 2.60Phpgedview Phpgedview 2.61Phpgedview Phpgedview 2.52.3
7.5
CVSSv2
CVE-2005-4469
Multiple direct static code injection vulnerabilities in PHPGedView 3.3.7 and previous versions allow remote malicious users to execute arbitrary PHP code via (1) the username field in login.php, or the (2) user_language, (3) user_email, and (4) user_gedcomid parameters in login_...
Phpgedview Phpgedview 2.61Phpgedview Phpgedview 2.61.1Phpgedview Phpgedview 2.65.2Phpgedview Phpgedview 2.65 Beta5Phpgedview Phpgedview 2.65Phpgedview Phpgedview 2.65.1Phpgedview Phpgedview 2.52.3Phpgedview Phpgedview 2.60Phpgedview Phpgedview
5
CVSSv2
CVE-2005-4467
Directory traversal vulnerability in help_text_vars.php in PHPGedView 3.3.7 and previous versions allows remote malicious users to read and include arbitrary files via a .. (dot dot) in the PGV_BASE_DIRECTORY parameter.
Phpgedview Phpgedview 2.61.1Phpgedview Phpgedview 2.65Phpgedview Phpgedview 2.65.1Phpgedview Phpgedview 2.65.2Phpgedview Phpgedview 2.60Phpgedview Phpgedview 2.61Phpgedview Phpgedview 2.52.3Phpgedview Phpgedview 2.65 Beta5Phpgedview Phpgedview 3.3.7
10
CVSSv2
CVE-2008-2064
Multiple unspecified vulnerabilities in PhpGedView prior to 4.1.5 have unknown impact and attack vectors related to "a fundamental design flaw in the interface (API) to connect phpGedView with external programs like content management systems."
Phpgedview Phpgedview 0.6Phpgedview Phpgedview 2.12Phpgedview Phpgedview 2.13Phpgedview Phpgedview 2.50Phpgedview Phpgedview 4.1.1Phpgedview Phpgedview 4.1.3Phpgedview Phpgedview 1.1Phpgedview Phpgedview 2.0Phpgedview Phpgedview 3.3.8Phpgedview Phpgedview 4.0Phpgedview Phpgedview 0.8Phpgedview Phpgedview 0.95Phpgedview Phpgedview 2.60Phpgedview Phpgedview 2.65Phpgedview PhpgedviewPhpgedview Phpgedview 1.0Phpgedview Phpgedview 1.04Phpgedview Phpgedview 3.0Phpgedview Phpgedview 3.2
7.5
CVSSv2
CVE-2004-0065
Multiple SQL injection vulnerabilities in phpGedView prior to 2.65 allow remote malicious users to execute arbitrary SQL via (1) timeline.php and (2) placelist.php.
Phpgedview Phpgedview
5
CVSSv2
CVE-2004-0066
phpGedView prior to 2.65 allows remote malicious users to obtain the absolute path of the web server via malformed parameters to (1) indilist.php, (2) famlist.php, (3) placelist.php, (4) imageview.php, (5) timeline.php, (6) clippings.php, (7) login.php, and (8) gdbi.php.
Phpgedview Phpgedview
5
CVSSv2
CVE-2004-0130
login.php in phpGedView 2.65 and previous versions allows remote malicious users to obtain sensitive information via an HTTP request to login.php that does not contain the required username or password parameters, which causes the information to be leaked in an error message.
Phpgedview Phpgedview
4.3
CVSSv2
CVE-2004-0067
Multiple cross-site scripting (XSS) vulnerabilities in phpGedView prior to 2.65 allow remote malicious users to inject arbitrary HTML or web script via (1) descendancy.php, (2) index.php, (3) individual.php, (4) login.php, (5) relationship.php, (6) source.php, (7) imageview.php, ...
Phpgedview Phpgedview
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
encryptionCVE-2024-4331CVE-2024-26925arbitrary codeCVE-2006-4304CVE-2024-25458CVE-2024-27077reflected XSSCVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook