CVE-2004-0130

high

Description

login.php in phpGedView 2.65 and earlier allows remote attackers to obtain sensitive information via an HTTP request to login.php that does not contain the required username or password parameters, which causes the information to be leaked in an error message.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/15128

http://www.osvdb.org/6886

http://www.netvigilance.com/advisory0001

http://securitytracker.com/alerts/2004/Jan/1008844.html

Details

Source: Mitre, NVD

Published: 2004-03-03

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High

EPSS

EPSS: 0.0057