PhpGedView contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the 'help_text_vars.php' not properly sanitizing user-supplied input to the 'PGV_BASE_DIRECTORY' variable. When the register_globals PHP option is set to 'on', a remote attacker can display the contents of local files. In addition, when the magic_quotes_gpc and the allow_url_fopen PHP options are set to 'on', a remote attacker can include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

Upgrade to version 3.3.8 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

• Security Tracker: 1015395
• Milw0rm: 1379
• Exploit Database: 1379
• Bugtraq ID: 15983
• Secunia Advisory ID: 18177
• CVE ID: 2005-4467 (see also: NVD) 2005-4468 (see also: NVD)
• Related OSVDB ID: 22010
• ISS X-Force ID: 23871
• Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-12/0243.html
• Other Advisory URL: http://rgod.altervista.org/phpgedview_337_xpl.html
• Vendor URL: http://www.phpgedview.net/

• rgod - rgod's Site