Executive Summary

PHP remote file inclusion vulnerability in (1) functions.php, (2) authentication_index.php, and (3) config_gedcom.php for PHPGEDVIEW 2.61 allows remote attackers to execute arbitrary PHP code by modifying the PGV_BASE_DIRECTORY parameter to reference a URL on a remote web server that contains the code.

Why It Matters

CVE-2004-0030 is rated CRITICAL severity, requiring immediate attention from security teams.

CVSS Base Score: 9.8/10

Affected Technologies

Vendors: phpgedview

Products: phpgedview

🛡️What Defenders Should Check

Check if you are affected — Review your asset inventory for products listed in CVE-2004-0030.

Apply available patches — Visit vendor advisories for the latest security updates.

Monitor for exploitation — Check your SIEM/IDS logs for related indicators.

Use Vulnios to continuously monitor your exposure to CVE-2004-0030 and similar vulnerabilities.

References & Sources

http://marc.info/?l=bugtraq&m=107340840209453&w=2

http://secunia.com/advisories/10565

http://www.osvdb.org/3343

http://www.securityfocus.com/bid/9368

http://www.securitytracker.com/id?1008632

https://exchange.xforce.ibmcloud.com/vulnerabilities/14159

http://marc.info/?l=bugtraq&m=107340840209453&w=2

http://secunia.com/advisories/10565

http://www.osvdb.org/3343

http://www.securityfocus.com/bid/9368

AI Security Advisor

Get AI-powered security recommendations tailored to this specific threat — including risk assessment, detection guidance, MITRE ATT&CK mapping, and actionable remediation steps.

Affected Products

phpgedview

Sources

NVD / NIST

critical

Protect Your Organization

Monitor CVEs, scan for vulnerabilities, and get real-time threat alerts — all in one platform.

Get Started Free Free Security Scan OSINT Dashboard

Get instant alerts on Telegram

Join our public channel for real-time critical CVE alerts.

Follow @vulnios

Critical Vulnerability: CVE-2004-0030 — phpgedview — phpgedview