SB2011011101 - Multiple vulnerabilities in phpgedview.sourceforge.net PhpGedView

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2011011101

SB2011011101 - Multiple vulnerabilities in phpgedview.sourceforge.net PhpGedView

Published: January 11, 2011 Updated: August 11, 2020

Security Bulletin ID SB2011011101
CSH Severity
Medium
Patch available
NO
Number of vulnerabilities 2
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 vulnerabilities.


1) Information disclosure (CVE-ID: CVE-2011-3778)

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

PhpGedView 4.2.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by serviceClientTest.php and certain other files.


2) Path traversal (CVE-ID: CVE-2011-0405)

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/U:Green


The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences in module.php in PhpGedView 4.2.3 and possibly other versions, when magic_quotes_gpc is disabled,. A remote authenticated attacker can send a specially crafted HTTP request and remote attackers to read arbitrary files via directory traversal sequences in the pgvaction parameter.


Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References