ID de Prueba:	1.3.6.1.4.1.25623.1.0.11982
Categoría:	Web application abuses
Título:	phpGedView Code injection Vulnerability
Resumen:	The remote host is running phpGedView, a set of CGI scripts which; parse GEDCOM 5.5 genealogy files and display them on the internet in a format similar to desktop programs.;; There are multiple vulnerabilities in this product :;; - A path disclosure vulnerability, which will give more information about this host to a remote attacker;; - A cross site scripting vulnerability, which may allow an attacker inject malicious HTML code in it;; - A code injection vulnerability, which may allow an attacker to make this server execute arbitrary PHP; code hosted on a third party website.
Descripción:	Summary: The remote host is running phpGedView, a set of CGI scripts which parse GEDCOM 5.5 genealogy files and display them on the internet in a format similar to desktop programs. There are multiple vulnerabilities in this product : - A path disclosure vulnerability, which will give more information about this host to a remote attacker - A cross site scripting vulnerability, which may allow an attacker inject malicious HTML code in it - A code injection vulnerability, which may allow an attacker to make this server execute arbitrary PHP code hosted on a third party website. Affected Software/OS: phpGedView version 2.61. Other versions might be affected as well. Solution: Upgrade to the latest version of this software. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Copyright	Copyright (C) 2004 Noam Rathaus

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.