Directory traversal vulnerability in help_text_vars.php in PHPGedView 3.3.7 and previous versions allows remote malicious users to read and include arbitrary files via a .. (dot dot) in the PGV_BASE_DIRECTORY parameter.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
phpgedview phpgedview 2.61.1 |
||
phpgedview phpgedview 2.65 |
||
phpgedview phpgedview 2.65.1 |
||
phpgedview phpgedview 2.65.2 |
||
phpgedview phpgedview 2.60 |
||
phpgedview phpgedview 2.61 |
||
phpgedview phpgedview 2.52.3 |
||
phpgedview phpgedview 2.65_beta5 |
||
phpgedview phpgedview 3.3.7 |