Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2008-2064 | First vendor Publication | 2008-05-02 |
| Vendor | Cve | Last vendor Modification | 2024-11-21 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 10 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Multiple unspecified vulnerabilities in PhpGedView before 4.1.5 have unknown impact and attack vectors related to "a fundamental design flaw in the interface (API) to connect phpGedView with external programs like content management systems." |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2064 |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:18745 | |||
| Oval ID: | oval:org.mitre.oval:def:18745 | ||
| Title: | DSA-1580-1 phpgedview - privilege escalation | ||
| Description: | It was discovered that phpGedView, an application to provide online access to genealogical data, allowed remote attackers to gain administrator privileges due to a programming error. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1580-1 CVE-2008-2064 | Version: | 7 |
| Platform(s): | Debian GNU/Linux 4.0 | Product(s): | phpgedview |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:8203 | |||
| Oval ID: | oval:org.mitre.oval:def:8203 | ||
| Title: | DSA-1580 phpgedview -- programming error | ||
| Description: | It was discovered that phpGedView, an application to provide online access to genealogical data, allowed remote attackers to gain administrator privileges due to a programming error. Note: this problem was a fundamental design flaw in the interface (API) to connect phpGedView with external programs like content management systems. Resolving this problem was only possible by completely reworking the API, which is not considered appropriate for a security update. Since these are peripheral functions probably not used by the large majority of package users, it was decided to remove these interfaces. If you require that interface nonetheless, you are advised to use a version of phpGedView backported from Debian Lenny, which has a completely redesigned API. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1580 CVE-2008-2064 | Version: | 3 |
| Platform(s): | Debian GNU/Linux 4.0 | Product(s): | phpgedview |
| Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2008-05-27 | Name : Debian Security Advisory DSA 1580-1 (phpgedview) File : nvt/deb_1580_1.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 44667 | PhpGedView Unspecified Error Arbitrary Remote Code Execution |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2008-05-22 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1580.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2024-11-28 23:14:26 |
|
| 2024-11-28 12:15:32 |
|
| 2021-05-04 12:07:28 |
|
| 2021-04-22 01:07:52 |
|
| 2020-05-23 01:39:26 |
|
| 2020-05-23 00:21:38 |
|
| 2017-08-08 09:24:04 |
|
| 2016-04-26 17:22:04 |
|
| 2014-02-17 10:44:50 |
|
| 2013-05-11 00:16:18 |
|
