phpGedView prior to 2.65 allows remote malicious users to obtain the absolute path of the web server via malformed parameters to (1) indilist.php, (2) famlist.php, (3) placelist.php, (4) imageview.php, (5) timeline.php, (6) clippings.php, (7) login.php, and (8) gdbi.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
phpgedview phpgedview |