Multiple Direct Static Code Injection Vulnerabilities in PHPGedView 3.3.7 and Earlier

Multiple Direct Static Code Injection Vulnerabilities in PHPGedView 3.3.7 and Earlier

CVE-2005-4469 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

Multiple direct static code injection vulnerabilities in PHPGedView 3.3.7 and earlier allow remote attackers to execute arbitrary PHP code via (1) the username field in login.php, or the (2) user_language, (3) user_email, and (4) user_gedcomid parameters in login_register.php, which is directly inserted into authenticate.php.

Learn more about our User Device Pen Test.