CVE-2005-4467

Published: Dec 22, 2005Modified: Apr 16, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

Directory traversal vulnerability in help_text_vars.php in PHPGedView 3.3.7 and earlier allows remote attackers to read and include arbitrary files via a .. (dot dot) in the PGV_BASE_DIRECTORY parameter.

Affected (9)

Products: Phpgedview: Phpgedview

1 product

Configuration A

9 vulnerable

Vulnerable Software	Affected Versions
Phpgedview Phpgedview	Version 2.52.3
Phpgedview Phpgedview	Version 2.60
Phpgedview Phpgedview	Version 2.61.1
Phpgedview Phpgedview	Version 2.61
Phpgedview Phpgedview	Version 2.65.1
Phpgedview Phpgedview	Version 2.65.2
Phpgedview Phpgedview	Version 2.65
Phpgedview Phpgedview	Version 2.65_beta5
Phpgedview Phpgedview	Version 3.3.7

References (20)

http://cvs.sourceforge.net/viewcvs.py/phpgedview/phpGedView/help_text_vars.php?r1=1.63&r2=1.64

Source: cve@mitre.org

http://rgod.altervista.org/phpgedview_337_xpl.html

Source: cve@mitre.org

http://secunia.com/advisories/18177

Source: cve@mitre.org

PatchVendor Advisory

http://securitytracker.com/id?1015395

Source: cve@mitre.org

http://www.osvdb.org/22009

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/419906/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/15983

Source: cve@mitre.org

Exploit

http://www.vupen.com/english/advisories/2005/3033

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/23871

Source: cve@mitre.org

https://sourceforge.net/tracker/index.php?func=detail&aid=1386434&group_id=55456&atid=477081

Source: cve@mitre.org

Patch

http://cvs.sourceforge.net/viewcvs.py/phpgedview/phpGedView/help_text_vars.php?r1=1.63&r2=1.64

Source: af854a3a-2127-422b-91ae-364da2661108

http://rgod.altervista.org/phpgedview_337_xpl.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/18177

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://securitytracker.com/id?1015395

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.osvdb.org/22009

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/419906/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/15983

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.vupen.com/english/advisories/2005/3033

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/23871

Source: af854a3a-2127-422b-91ae-364da2661108

https://sourceforge.net/tracker/index.php?func=detail&aid=1386434&group_id=55456&atid=477081

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

Timeline

No history available yet.