CVE-2004-0130

login.php in phpGedView 2.65 and earlier allows remote attackers to obtain sensitive information via an HTTP request to login.php that does not contain the required username or password parameters, which causes the information to be leaked in an error message.

Published: Mar 3, 2004
Updated: Apr 13, 2023
CVE: CVE-2004-0130
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
phpgedview / phpgedview	-	2.65.x

http://securitytracker.com/alerts/2004/Jan/1008844.html
http://www.netvigilance.com/advisory0001
http://www.osvdb.org/6886
http://www.securiteam.com/unixfocus/5NP0M1PBPQ.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/15128

Vulnerability Database

289,697

CVE-2004-0130