Bugtraq mailing list archives
security hole in os groupware suite PHProjekt
From: "Albrecht Guenther" <ag () phprojekt com>
Date: Sun, 26 Aug 2001 22:39:06 +0200
Overview PHProjekt is an open source groupware suite written in PHP4 with mysql/postgres/oracle/informix/ms-sql support: www.PHProjekt.com The security hole concernes the several modules. Details By modifying the ID number in links an user can view, moduify or delete data of other users randomly. Affected systems The concerned releases are all versions until 2.4. Solution All respective actions are now checked for the authentification. Download the newest release 2.4a from the homepage www.PHProjekt.com/download/phprojekt.tar.gz Credit Martin Mayrhofer kindly provided me with this information. Albrecht Guenther
Current thread:
- security hole in os groupware suite PHProjekt Albrecht Guenther (Aug 26)