CVE-2004-0030

CRITICAL

phpgedview 2.61 - Remote File Inclusion via PGV_BASE_DIRECTORY Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-0030. PoCs published by Windak.

AI-analyzed exploit summary The provided text describes a file inclusion vulnerability in PhpGedView, where remote attackers can manipulate the PGV_BASE_DIRECTORY parameter to include and execute malicious PHP scripts from external servers. The vulnerability affects multiple scripts in PhpGedView 2.61 and potentially other versions.

Description

PHP remote file inclusion vulnerability in (1) functions.php, (2) authentication_index.php, and (3) config_gedcom.php for PHPGEDVIEW 2.61 allows remote attackers to execute arbitrary PHP code by modifying the PGV_BASE_DIRECTORY parameter to reference a URL on a remote web server that contains the code.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Windak · textwebappsphp

https://www.exploit-db.com/exploits/23520

View Code ZIP pw:eip

The provided text describes a file inclusion vulnerability in PhpGedView, where remote attackers can manipulate the PGV_BASE_DIRECTORY parameter to include and execute malicious PHP scripts from external servers. The vulnerability affects multiple scripts in PhpGedView 2.61 and potentially other versions.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: PhpGedView 2.61

No auth needed

Prerequisites: Access to the vulnerable PhpGedView installation · Ability to host malicious PHP scripts on an attacker-controlled server

MITRE ATT&CK