PhpGedView PHPInfo Information Disclosure Vulnerability

Vulnerability ID: 1107620
Vulnerability type: Access validation error
Published: 2004-01-06
Updated: 2005-09-02
CVE ID: CVE-2004-0033
CNNVD-ID: CNNVD-200401-044
Platform: PHP
CVSS score: 5.0
|Vulnerability source
https://www.exploit-db.com/exploits/23526
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200401-044
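|Vulnerability details
admin.php in PHPGEDVIEW 2.61 is vulnerable. A remote attacker can obtain sensitive information via an action parameter carrying the phpinfo command.
|Exploit (EXP)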
source: http://www.securityfocus.com/bid/9371/info

PhpGedView allows remote users to access information displayed by the phpinfo() function. This may disclose sensitive information about the environment the software runs in.

This issue is reported to affect PhpGedView 2.61. Other versions are also likely affected.

http://www.example.com/phpgedview_folder/admin.php?action=phpinfo
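
The request above leaves a recognizable trace in web-server access logs. As an added example (not part of the original advisory), the following Python code scans combined-format log lines for it and reports whether the server answered with a 200. The log lines, IP addresses, the `/pgv/` path and the `action=other` value are constructed samples.

```python
"""Flag access-log requests to PhpGedView's admin.php with action=phpinfo.

Added detection example; all log lines below are constructed samples."""
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Combined log format: host ident user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

def is_phpinfo_probe(target):
    """True if the request target is admin.php with action=phpinfo."""
    parts = urlsplit(target)
    # Decode the path so percent-encoded variants are matched as well.
    if not unquote(parts.path).lower().endswith("/admin.php"):
        return False
    # parse_qs percent-decodes keys and values; the value is compared
    # case-insensitively on purpose, to keep the detection broad.
    params = parse_qs(parts.query, keep_blank_values=True)
    return any(v.strip().lower() == "phpinfo" for v in params.get("action", []))

def find_probes(lines):
    """Return (host, time, status, exposed) for each matching log line."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_phpinfo_probe(m["target"]):
            status = int(m["status"])
            # 200 suggests phpinfo() output was served; other codes suggest not.
            hits.append((m["host"], m["time"], status, status == 200))
    return hits

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [06/Jan/2004:10:00:01 +0000] "GET /phpgedview_folder/admin.php?action=phpinfo HTTP/1.1" 200 41233 "-" "-"',
    '192.0.2.10 - - [06/Jan/2004:10:00:05 +0000] "GET /phpgedview_folder/index.php HTTP/1.1" 200 5120 "-" "-"',
    '198.51.100.7 - - [06/Jan/2004:10:02:11 +0000] "GET /pgv/admin.php?x=1&action=%70hpinfo HTTP/1.1" 403 199 "-" "-"',
    '203.0.113.5 - - [06/Jan/2004:10:03:00 +0000] "GET /phpgedview_folder/admin.php?action=other HTTP/1.1" 200 900 "-" "-"',
]

if __name__ == "__main__":
    for host, when, status, exposed in find_probes(SAMPLE_LOG):
        print(host, when, status, "EXPOSED" if exposed else "not served")
```

Only the query string is inspected, so a request that carries the parameter in a POST body does not appear in these logs and is not detected.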
|References

Source: BUGTRAQ
Name: 20040106 Vuln in PHPGEDVIEW 2.61 Multi-Problem
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=107340840209453&w=2
Source: XF
Name: phpgedview-admin-info-disclosure(14162)
Link: http://xforce.iss.net/xforce/xfdb/14162
Source: BID
Name: 9371
Link: http://www.securityfocus.com/bid/9371
Source: OSVDB
Name: 3404
Link: http://www.osvdb.org/3404
Source: SECUNIA
Name: 10565
Link: http://secunia.com/advisories/10565