Description
PHP remote file inclusion vulnerability in the GEDCOM configuration script for phpGedView 2.65.1 and earlier allows remote attackers to execute arbitrary PHP code by modifying the PGV_BASE_DIRECTORY parameter to reference a URL on a remote web server that contains a malicious theme.php script.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Cedric Cochin · text · webapps · php
https://www.exploit-db.com/exploits/23617
References (6)
Core References
Exploit, Patch, Vendor Advisory · mailing-list · x_refsource_bugtraq · http://www.securityfocus.com/archive/1/352355
Third Party Advisory · third-party-advisory · x_refsource_secunia · http://secunia.com/advisories/10753/
Third Party Advisory, VDB Entry · vdb-entry · x_refsource_xf · https://exchange.xforce.ibmcloud.com/vulnerabilities/14987
Exploit, Patch, Vendor Advisory · vdb-entry · x_refsource_bid · http://www.securityfocus.com/bid/9531
Vendor Advisory · x_refsource_confirm · http://sourceforge.net/project/shownotes.php?release_id=141517
Third Party Advisory, VDB Entry · vdb-entry · x_refsource_osvdb · http://www.osvdb.org/3769
Scores
EPSS: 0.0954
EPSS Percentile: 92.9%
Details
Status: published
Products (6)
phpgedview/phpgedview 2.52.3
phpgedview/phpgedview 2.60
phpgedview/phpgedview 2.61
phpgedview/phpgedview 2.61.1
phpgedview/phpgedview 2.65
phpgedview/phpgedview 2.65.1
Published: Mar 03, 2004
Tracked Since: Feb 18, 2026