CVE-2011-0405

Directory traversal vulnerability in module.php in PhpGedView 4.2.3 and possibly other versions, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via directory traversal sequences in the pgvaction parameter.

Date published : 2011-01-10

http://www.securityfocus.com/bid/45674

http://sourceforge.net/projects/phpgedview/forums/forum/185166/topic/4040059