Multiple direct static code injection vulnerabilities in PHPGedView 3.3.7 and earlier allow remote attackers to execute arbitrary PHP code via (1) the username field in login.php, or the (2) user_language, (3) user_email, and (4) user_gedcomid parameters in login_register.php, which is directly inserted into authenticate.php.
References
Configurations
Configuration 1 (hide)
|
Information
Published : 2005-12-21 16:03
Updated : 2018-10-19 08:41
NVD link : CVE-2005-4469
Mitre link : CVE-2005-4469
JSON object : View
CWE
Products Affected
phpgedview
- phpgedview