Vulnerability Description
PHP remote file inclusion vulnerability in (1) functions.php, (2) authentication_index.php, and (3) config_gedcom.php for PHPGEDVIEW 2.61 allows remote attackers to execute arbitrary PHP code by modifying the PGV_BASE_DIRECTORY parameter to reference a URL on a remote web server that contains the code.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Phpgedview | Phpgedview | 2.61 |
Related Weaknesses (CWE)
References
- http://marc.info/?l=bugtraq&m=107340840209453&w=2Mailing ListPatch
- http://secunia.com/advisories/10565Broken LinkVendor Advisory
- http://www.osvdb.org/3343Broken Link
- http://www.securityfocus.com/bid/9368Broken LinkThird Party AdvisoryVDB Entry
- http://www.securitytracker.com/id?1008632Broken LinkThird Party AdvisoryVDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/14159Third Party AdvisoryVDB Entry
- http://marc.info/?l=bugtraq&m=107340840209453&w=2Mailing ListPatch
- http://secunia.com/advisories/10565Broken LinkVendor Advisory
- http://www.osvdb.org/3343Broken Link
- http://www.securityfocus.com/bid/9368Broken LinkThird Party AdvisoryVDB Entry
- http://www.securitytracker.com/id?1008632Broken LinkThird Party AdvisoryVDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/14159Third Party AdvisoryVDB Entry
FAQ
What is CVE-2004-0030?
CVE-2004-0030 is a vulnerability with a CVSS score of 9.8 (CRITICAL). PHP remote file inclusion vulnerability in (1) functions.php, (2) authentication_index.php, and (3) config_gedcom.php for PHPGEDVIEW 2.61 allows remote attackers to execute arbitrary PHP code by modif...
How severe is CVE-2004-0030?
CVE-2004-0030 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2004-0030?
Check the references section above for vendor advisories and patch information. Affected products include: Phpgedview Phpgedview.