Test ID:	1.3.6.1.4.1.25623.1.0.11982
Category:	Web application abuses
Title:	phpGedView Code injection Vulnerability
Summary:	The remote host is running phpGedView, a set of CGI scripts which; parse GEDCOM 5.5 genealogy files and display them on the internet in a format similar to desktop programs.;; There are multiple vulnerabilities in this product :;; - A path disclosure vulnerability, which will give more information about this host to a remote attacker;; - A cross site scripting vulnerability, which may allow an attacker inject malicious HTML code in it;; - A code injection vulnerability, which may allow an attacker to make this server execute arbitrary PHP; code hosted on a third party website.
Description:	Summary: The remote host is running phpGedView, a set of CGI scripts which parse GEDCOM 5.5 genealogy files and display them on the internet in a format similar to desktop programs. There are multiple vulnerabilities in this product : - A path disclosure vulnerability, which will give more information about this host to a remote attacker - A cross site scripting vulnerability, which may allow an attacker inject malicious HTML code in it - A code injection vulnerability, which may allow an attacker to make this server execute arbitrary PHP code hosted on a third party website. Affected Software/OS: phpGedView version 2.61. Other versions might be affected as well. Solution: Upgrade to the latest version of this software. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Copyright	Copyright (C) 2004 Noam Rathaus

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.