PHP remote file inclusion vulnerability in the GEDCOM configuration script for phpGedView 2.65.1 and earlier allows remote attackers to execute arbitrary PHP code by modifying the PGV_BASE_DIRECTORY parameter to reference a URL on a remote web server that contains a malicious theme.php script.

Threat-Mapped Scoring

Score: 0.0

Priority: Unclassified

EPSS

Score: 0.09543
Percentile: 0.92489

CVSS Scoring

Affected Products

• cpe:2.3:a:phpgedview:phpgedview:2.52.3:*:*:*:*:*:*:*
• cpe:2.3:a:phpgedview:phpgedview:2.60:*:*:*:*:*:*:*
• cpe:2.3:a:phpgedview:phpgedview:2.61:*:*:*:*:*:*:*
• cpe:2.3:a:phpgedview:phpgedview:2.61.1:*:*:*:*:*:*:*
• cpe:2.3:a:phpgedview:phpgedview:2.65:*:*:*:*:*:*:*
• cpe:2.3:a:phpgedview:phpgedview:2.65.1:*:*:*:*:*:*:*

← Back to Home