PhpGedView allows remote users to access information displayed by the phpinfo() function. This may disclose sensitive information about the environment the software runs in.
This issue is reported to affect PhpGedView 2.61. Other versions are also likely affected.
PhpGedView contains a flaw that may lead to unauthorized information disclosure. The issue is triggered by a specially crafted URL that requests the "admin.php" script with the "action" variable containing "phpinfo". The script then returns phpinfo() output, resulting in a loss of confidentiality.
Upgrade to version 2.65 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds. Note that 2.65 is currently only available as a beta release.
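To check whether an installation has already received the request described in this advisory, the web server access log can be searched for it. The following is an added example, not part of the original advisory or of PhpGedView; it assumes Apache/nginx Combined Log Format, and the sample log lines, paths and IP addresses are constructed.

```python
import re
from urllib.parse import urlsplit, unquote, parse_qs

# Assumed log format: Apache/nginx Combined Log Format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

def is_phpinfo_request(target):
    """True if the target is admin.php with an action value containing 'phpinfo'."""
    parts = urlsplit(target)
    # Decode the path so a percent-encoded script name still matches.
    script = unquote(parts.path).rsplit("/", 1)[-1].lower()
    if script != "admin.php":
        return False
    # parse_qs percent-decodes values and keeps repeated parameters.
    params = parse_qs(parts.query, keep_blank_values=True)
    return any("phpinfo" in value.lower() for value in params.get("action", []))

def scan(lines):
    """Return (client_ip, status, target) for each matching log line."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if m and is_phpinfo_request(m.group("target")):
            hits.append((m.group("ip"), int(m.group("status")), m.group("target")))
    return hits

# Constructed sample lines (documentation IP ranges, invented paths and times).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2004:10:00:00 +0000] "GET /phpgedview/index.php HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2004:10:01:00 +0000] "GET /phpgedview/admin.php?action=phpinfo HTTP/1.1" 200 40211',
    '198.51.100.7 - - [01/Jan/2004:10:02:00 +0000] "GET /phpgedview/admin.php?x=1&action=%70hpinfo HTTP/1.0" 403 310',
    '203.0.113.5 - - [01/Jan/2004:10:03:00 +0000] "GET /phpgedview/admin.php?action=other HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for ip, status, target in scan(SAMPLE_LOG):
        # A 200 response means the phpinfo() page was probably returned.
        verdict = "likely disclosed" if status == 200 else "blocked or failed"
        print(f"{ip} {status} {verdict}: {target}")
```

Only parameters sent in the URL appear in an access log, so a request that carries "action" in a POST body would not be found by this check.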