CVE-2004-2538

Direct static code injection vulnerability in the PCG simple application generation in phpCodeGenie before 3.0.2 allows remote authenticated users to execute arbitrary code via the (1) header or (2) footer.

CVSS v2.0 6.5 MEDIUM

6.5^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 8.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://phpcodegenie.sourceforge.net/phpCodeGenie/docs/ChangeLog.txt
http://www.securityfocus.com/bid/11524	Patch
http://www.osvdb.org/11102
http://securitytracker.com/id?1011911	Patch
http://secunia.com/advisories/12853	Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/17848

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:nilesh_dosooye:phpcodegenie:1.1:::::::*
	cpe:2.3:a:nilesh_dosooye:phpcodegenie:3.0_alpha:::::::*
	cpe:2.3:a:nilesh_dosooye:phpcodegenie:3.0_beta:::::::*
	cpe:2.3:a:nilesh_dosooye:phpcodegenie:1.21:::::::*
	cpe:2.3:a:nilesh_dosooye:phpcodegenie:1.4:::::::*
	cpe:2.3:a:nilesh_dosooye:phpcodegenie::::::::

Information

Published : 2004-12-30 21:00

Updated : 2017-07-10 18:31

NVD link : CVE-2004-2538

Mitre link : CVE-2004-2538

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

nilesh_dosooye

phpcodegenie

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://phpcodegenie.sourceforge.net/phpCodeGenie/docs/ChangeLog.txt", "name": "http://phpcodegenie.sourceforge.net/phpCodeGenie/docs/ChangeLog.txt", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/11524", "name": "11524", "tags": ["Patch"], "refsource": "BID"}, {"url": "http://www.osvdb.org/11102", "name": "11102", "tags": [], "refsource": "OSVDB"}, {"url": "http://securitytracker.com/id?1011911", "name": "1011911", "tags": ["Patch"], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/12853", "name": "12853", "tags": ["Patch", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17848", "name": "phpcodegenie-header-footer-command-execution(17848)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Direct static code injection vulnerability in the PCG simple application generation in phpCodeGenie before 3.0.2 allows remote authenticated users to execute arbitrary code via the (1) header or (2) footer."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2004-2538", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": true, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2004-12-31T05:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:nilesh_dosooye:phpcodegenie:1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:nilesh_dosooye:phpcodegenie:3.0_alpha:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:nilesh_dosooye:phpcodegenie:3.0_beta:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:nilesh_dosooye:phpcodegenie:1.21:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:nilesh_dosooye:phpcodegenie:1.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:nilesh_dosooye:phpcodegenie:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "3.0.1"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-11T01:31Z"}