PhpGedView Code Injection Vulnerability Network Vulnerability

Summary

The remote host is running phpGedView, a set of CGI scripts which parse GEDCOM 5.5 genealogy files and display them on the internet in a format similar to desktop programs. There are multiple vulnerabilities in this product : - A path disclosure vulnerability, which will give more information about this host to a remote attacker - A cross site scripting vulnerability, which may allow an attacker inject malicious HTML code in it - A code injection vulnerability, which may allow an attacker to make this server execute arbitrary PHP code hosted on a third party website.

Solution

Upgrade to the latest version of this software

Severity

Classification

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Atlassian JIRA FishEye and Crucible Plugins XML Parsing Unspecified Security Vulnerability
AV Arcade 'ava_code' Cookie Parameter SQL Injection Vulnerability
Athena Web Registration remote command execution flaw
ARRIS 2307 Unprotected Web Console
Apache Struts ClassLoader Manipulation Vulnerabilities

phpGedView Code injection Vulnerability

Take action and discover your vulnerabilities