CVE-2004-0030

Name of the Vulnerable Software and Affected Versions PHPGEDVIEW version 2.61

Description The issue allows remote attackers to execute arbitrary PHP code by modifying the PGV BASE DIRECTORY parameter to reference a URL on a remote web server that contains the code. This is possible due to a remote file inclusion vulnerability in files such as functions.php, authentication index.php, and config gedcom.php.

Recommendations For PHPGEDVIEW version 2.61, consider restricting access to the PGV BASE DIRECTORY parameter to prevent modification and minimize the risk of exploitation. Additionally, as a temporary workaround, consider disabling the execution of remote PHP code in the affected files until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.