CVE-2011-0405

Phpgedview - Path Traversal

Title source: rule

Description

Directory traversal vulnerability in module.php in PhpGedView 4.2.3 and possibly other versions, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via directory traversal sequences in the pgvaction parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by dun · perlwebappsphp

https://www.exploit-db.com/exploits/15913

View Code ZIP pw:eip

References (8)

[Vendor Advisory] http://secunia.com/advisories/42786

[Exploit] http://sourceforge.net/projects/phpgedview/forums/forum/185166/topic/4040059

[Patch] http://sourceforge.net/tracker/?func=detail&aid=3152857&group_id=55456&atid=477081

[Exploit] http://www.exploit-db.com/exploits/15913

[Vendor Advisory] http://www.vupen.com/english/advisories/2011/0036

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/45674

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/64733

[Third Party Advisory, VDB Entry] http://osvdb.org/70295

Scores

EPSS 0.0989

EPSS Percentile 92.9%

Classification

CWE

CWE-22

Status draft

Affected Products (1)

phpgedview/phpgedview

Timeline

Published Jan 11, 2011

Tracked Since Feb 18, 2026