CVE-2004-0030 in PHPGEDVIEW
Summary
by MITRE
PHP remote file inclusion vulnerability in (1) functions.php, (2) authentication_index.php, and (3) config_gedcom.php for PHPGEDVIEW 2.61 allows remote attackers to execute arbitrary PHP code by modifying the PGV_BASE_DIRECTORY parameter to reference a URL on a remote web server that contains the code.
Be aware that VulDB is the high quality source for vulnerability data.
Analysis
by VulDB Data Team • 05/24/2025
The vulnerability described in CVE-2004-0030 represents a critical remote file inclusion flaw affecting PHPGEDVIEW version 2.61. This vulnerability exists in three key files within the application's codebase including functions.php, authentication_index.php, and config_gedcom.php. The flaw stems from insufficient input validation and sanitization mechanisms that allow malicious actors to manipulate the PGV_BASE_DIRECTORY parameter, which serves as a critical configuration variable in the application's directory structure handling. When attackers successfully exploit this vulnerability, they can inject remote URLs into the parameter, effectively enabling the application to include and execute arbitrary PHP code from external web servers.
This vulnerability directly maps to CWE-88, which describes the weakness of allowing command injection through improper input validation, and falls under the broader category of CWE-94, representing the execution of arbitrary code. The attack vector leverages the application's trust in user-supplied input without proper verification, creating an environment where remote code execution becomes possible. The flaw operates at the application level where user-provided parameters are directly used in file inclusion operations without adequate sanitization, making it particularly dangerous for web applications that handle user input.
The operational impact of this vulnerability is severe and far-reaching for any system running PHPGEDVIEW 2.61. Attackers can leverage this weakness to execute malicious code with the privileges of the web server process, potentially leading to complete system compromise, data exfiltration, and persistence mechanisms within the affected environment. The remote nature of the attack means that exploitation can occur from anywhere on the internet without requiring local access to the system, making it particularly attractive to threat actors. Additionally, the vulnerability affects core application functionality files, ensuring that successful exploitation can disrupt normal operations while simultaneously providing attackers with elevated privileges to manipulate the entire application infrastructure.
Mitigation strategies for this vulnerability should focus on immediate patching of the affected PHPGEDVIEW version to the latest available release that addresses the remote file inclusion issue. Administrators should implement strict input validation and sanitization for all user-supplied parameters, particularly those used in file inclusion operations. The implementation of a whitelist-based approach for directory parameters and the removal of dynamic file inclusion based on user input are essential defensive measures. Network-level protections including web application firewalls and intrusion detection systems can provide additional layers of defense, though they should not be considered substitutes for proper code-level fixes. Organizations should also conduct comprehensive security assessments of their PHPGEDVIEW installations to identify and remediate similar vulnerabilities that may exist in other parts of their web application infrastructure. The vulnerability serves as a prime example of why secure coding practices must be implemented throughout the development lifecycle, emphasizing the importance of input validation and the principle of least privilege in preventing remote code execution attacks.