Windak

3 exploits Active since Jan 2004
CVE-2004-0030 EXPLOITDB CRITICAL text WRITEUP
phpgedview 2.61 - Remote File Inclusion via PGV_BASE_DIRECTORY Parameter
PHP remote file inclusion vulnerability in (1) functions.php, (2) authentication_index.php, and (3) config_gedcom.php for PHPGEDVIEW 2.61 allows remote attackers to execute arbitrary PHP code by modifying the PGV_BASE_DIRECTORY parameter to reference a URL on a remote web server that contains the code.
CVSS 9.8
CVE-2004-0033 EXPLOITDB text WRITEUP
phpgedview 2.61 - Remote Information Disclosure via Admin Action Parameter
admin.php in PHPGEDVIEW 2.61 allows remote attackers to obtain sensitive information via an action parameter with a phpinfo command.
CVE-2004-0032 EXPLOITDB text WORKING POC
phpgedview 2.61 - Cross-Site Scripting via Search Firstname Parameter
Cross-site scripting (XSS) vulnerability in search.php in PHPGEDVIEW 2.61 allows remote attackers to inject arbitrary HTML and web script via the firstname parameter.