GEN:SID 1:2367
Message WEB-PHP PhpGedView PGV functions.php base directory manipulation attempt
Summary This event is generated when an attempt is made to exploit a known
vulnerability in the PHP web application PhpGedView.
Impact Execution of arbitrary code on the affected system
Detailed Information PhpGedView contains a flaw such that it may be possible for an attacker
to include code of their choosing by manipulating the PGV_BASE_DIRECTORY
parameter when making a GET or POST  request to a vulnerable system.

It may be possible for an attacker to execute that code with the
privileges of the user running the webserver, usually root.
Affected Systems PhpGedView 2.65.1 and earlier
Attack Scenarios An attacker can make a request to an affected script and define their
own path to the PGV_BASE_DIRECTORY variable.
Ease of Attack Simple. No exploit software required.
Corrective Action Apply the appropriate vendor supplied patches

Upgrade to the latest non-affected version of the software
Additional References CERT:
http://www.cert.org/advisories/CA-2003-07.html
Rule References bugtraq: 9368
cve: 2004-0030