PhpGedView contains a a flaw which allows a SQL injection attack. User supplied input to timeline.php is not filtered before being used in the SQL query. A remote attacker can exploit this flaw to add, modify or delete information in the back-end database.
Upgrade to version 2.65 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.