Multiple direct static code injection vulnerabilities in PHPGedView 3.3.7 and previous versions allow remote malicious users to execute arbitrary PHP code via (1) the username field in login.php, or the (2) user_language, (3) user_email, and (4) user_gedcomid parameters in login_register.php, which is directly inserted into authenticate.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
phpgedview phpgedview 2.61 |
||
phpgedview phpgedview 2.61.1 |
||
phpgedview phpgedview 2.65.2 |
||
phpgedview phpgedview 2.65_beta5 |
||
phpgedview phpgedview 2.65 |
||
phpgedview phpgedview 2.65.1 |
||
phpgedview phpgedview 2.52.3 |
||
phpgedview phpgedview 2.60 |
||
phpgedview phpgedview |