Vulnerability CVE-2004-2538


Published: 2004-12-31   Modified: 2012-02-12

Description:
Direct static code injection vulnerability in the PCG simple application generation in phpCodeGenie before 3.0.2 allows remote authenticated users to execute arbitrary code via the (1) header or (2) footer.

CVSS2 => (AV:N/AC:L/Au:S/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.5/10
6.4/10
8/10
Exploit range
Attack complexity
Authentication
Remote
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Nilesh dosooye -> Phpcodegenie 

 References:
http://www.securityfocus.com/bid/11524
http://securitytracker.com/id?1011911
http://secunia.com/advisories/12853
http://xforce.iss.net/xforce/xfdb/17848
http://www.osvdb.org/11102
http://phpcodegenie.sourceforge.net/phpCodeGenie/docs/ChangeLog.txt

Copyright 2024, cxsecurity.com

 

Back to Top