Vulnerability Details CVE-2004-2538
Direct static code injection vulnerability in the PCG simple application generation in phpCodeGenie before 3.0.2 allows remote authenticated users to execute arbitrary code via the (1) header or (2) footer.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.028
EPSS Ranking 85.6%
CVSS Severity
CVSS v2 Score 6.5
References
- http://phpcodegenie.sourceforge.net/phpCodeGenie/docs/ChangeLog.txt
- http://secunia.com/advisories/12853
- http://securitytracker.com/id?1011911
- http://www.osvdb.org/11102
- http://www.securityfocus.com/bid/11524
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17848
- http://phpcodegenie.sourceforge.net/phpCodeGenie/docs/ChangeLog.txt
- http://secunia.com/advisories/12853
- http://securitytracker.com/id?1011911
- http://www.osvdb.org/11102
- http://www.securityfocus.com/bid/11524
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17848
Products affected by CVE-2004-2538
-
cpe:2.3:a:nilesh_dosooye:phpcodegenie:*
-
cpe:2.3:a:nilesh_dosooye:phpcodegenie:1.1
-
cpe:2.3:a:nilesh_dosooye:phpcodegenie:1.21
-
cpe:2.3:a:nilesh_dosooye:phpcodegenie:1.4
-
cpe:2.3:a:nilesh_dosooye:phpcodegenie:3.0_alpha
-
cpe:2.3:a:nilesh_dosooye:phpcodegenie:3.0_beta