phpGedView Arbitrary File Access / Remote File Inclusion

high Nessus Plugin ID 12034



A remote web application is affected by several flaws.


A vulnerability exists in the installed version of PhpGedView that may allow an attacker to read arbitrary files on the remote web server with the privileges of the web user.

Another vulnerability could allow an attacker to include arbitrary PHP files hosted on a third-party website.


Upgrade to PhpGedView 2.65.2 or later.

See Also

Plugin Details

Severity: High

ID: 12034

File Name: phpgedview_directory_traversal.nasl

Version: 1.27

Type: remote

Family: CGI abuses

Published: 2/2/2004

Updated: 4/7/2022

Configuration: Enable thorough checks

Risk Information


Risk Factor: Medium

Score: 6.3


Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:phpgedview:phpgedview

Required KB Items: www/PHP, www/phpgedview

Exploit Ease: No exploit is required

Vulnerability Publication Date: 1/28/2004

Reference Information

CVE: CVE-2004-0127, CVE-2004-0128

BID: 9529, 9531