PhpGedView contains a flaw that may lead to an unauthorized password modification. It is possible to modify the administrative password when editconfig.php is not deleted after installation, which may lead to a loss of confidentiality, integrity and/or availability.
Upgrade to version 2.65 or higher, as it has been reported to fix this vulnerability. Note that version 2.65 is currently available only as a beta release. It is also possible to correct the flaw with the following workaround: delete editconfig.php after installation.
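To confirm the workaround was applied on every install, the following check can be run after installation or from a scheduled job. It is an added example, not part of the original advisory or the PhpGedView project; the function name and the web root passed to it are assumptions.

```shell
#!/bin/sh
# Added example: post-install audit for a leftover editconfig.php.
# Usage (the web root path is an assumption, adjust to the host):
#   find_leftover_editconfig /var/www || echo "editconfig.php still present"
#
# Prints the path of every editconfig.php found under the given directory.
# Return codes: 0 = none found, 1 = at least one found, 2 = bad argument.
find_leftover_editconfig() {
    root=$1
    if [ -z "$root" ] || [ ! -d "$root" ]; then
        echo "error: '$root' is not a directory" >&2
        return 2
    fi

    # Match regular files and symlinks, since either is served by the web
    # server. -iname also catches case variants on case-insensitive file
    # systems. Unreadable subdirectories are skipped silently.
    hits=$(find "$root" \( -type f -o -type l \) -iname 'editconfig.php' \
               2>/dev/null | sort)

    if [ -n "$hits" ]; then
        printf '%s\n' "$hits"
        return 1
    fi
    return 0
}
```

A non-zero return lets the check act as a gate in a deployment script or raise an alert from cron.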