Main Vulnerability Database Exploits ID:4304 - Exploit for Path traversal in PhpGedView - CVE-2011-0405

ID:4304 - Exploit for Path traversal in PhpGedView - CVE-2011-0405

Published: August 11, 2020

Vulnerability identifier: #VU45472

Vulnerability risk: Medium

CVE-ID: CVE-2011-0405

CWE-ID: CWE-22

Exploitation vector: Remote access

Vulnerable software:
PhpGedView

Link to public exploit:

https://www.exploit-db.com/exploits/15913/

Vulnerability description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences in module.php in PhpGedView 4.2.3 and possibly other versions, when magic_quotes_gpc is disabled,. A remote authenticated attacker can send a specially crafted HTTP request and remote attackers to read arbitrary files via directory traversal sequences in the pgvaction parameter.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

ID:4304 - Exploit for Path traversal in PhpGedView - CVE-2011-0405

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human