Family: CGI abuses --> Category: infos
phpGedView Code Injection Vulnerability Scan
Vulnerability Scan Summary
Detect phpGedView Include() Vulnerability
Detailed Explanation for this Vulnerability Test
The remote host is running phpGedView, a set of CGI scripts which
parse GEDCOM 5.5 genealogy files and display them on the internet in a
format similar to desktop programs.
There are multiple vulnerabilities in this product:
- A path disclosure vulnerability, which will give more information
about this host to a remote attacker
- A cross-site scripting vulnerability, which may allow an attacker to
inject malicious HTML code into it
- A code injection vulnerability, which may allow an attacker to make
this server execute arbitrary PHP code hosted on a third-party website.
Solution: Upgrade to the latest version of this software
Threat Level: High