security hole in os groupware suite PHProjekt

From: Albrecht Guenther (agat_private)
Date: Sun Aug 26 2001 - 13:39:06 PDT

Next message: Borja Marcos: "Eudora MUA: Risky practice"

Previous message: RoMaN SoFt / LLFB!!: "SuSE 7.2 (& others) sendmail local xploit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

   Overview
PHProjekt is an open source groupware suite written in PHP4 
with mysql/postgres/oracle/informix/ms-sql support: 
www.PHProjekt.com
The security hole concernes the several modules.

    Details
By modifying the ID number in links an user can
view, moduify or delete data of other users randomly.
 
  Affected systems
The concerned releases are all versions until 2.4.

    Solution
All respective actions are now checked for the authentification.
Download the newest release 2.4a from the homepage
www.PHProjekt.com/download/phprojekt.tar.gz

   Credit
Martin Mayrhofer kindly provided me with this information.


Albrecht Guenther

Next message: Borja Marcos: "Eudora MUA: Risky practice"
Previous message: RoMaN SoFt / LLFB!!: "SuSE 7.2 (& others) sendmail local xploit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sun Aug 26 2001 - 14:28:06 PDT