CVE-2011-0405

Name of the Vulnerable Software and Affected Versions PhpGedView version 4.2.3

Description The issue allows remote attackers to read arbitrary files due to a directory traversal vulnerability in the module.php file when magic quotes gpc is disabled. This can be achieved by using directory traversal sequences in the pgvaction parameter.

Recommendations For PhpGedView version 4.2.3, consider disabling the module.php file or restricting access to it until a patch is available. As a temporary workaround, enable magic quotes gpc to prevent directory traversal attacks. Avoid using the pgvaction parameter in the affected module until the issue is resolved.