Overview PHProjekt is an open source groupware suite written in PHP4 with mysql/postgres/oracle/informix/ms-sql support: www.PHProjekt.com The security hole concernes the several modules. Details By modifying the ID number in links an user can view, moduify or delete data of other users randomly. Affected systems The concerned releases are all versions until 2.4. Solution All respective actions are now checked for the authentification. Download the newest release 2.4a from the homepage www.PHProjekt.com/download/phprojekt.tar.gz Credit Martin Mayrhofer kindly provided me with this information. Albrecht Guenther
This archive was generated by hypermail 2b30 : Sun Aug 26 2001 - 14:28:06 PDT