The setup routine (setup.php) in PHProjekt 4.2.1 and earlier allows remote attackers to modify system configuration via unknown attack vectors.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Phprojekt | Phprojekt | 2.0 (including) | 2.0 (including) |
| Phprojekt | Phprojekt | 2.0.1 (including) | 2.0.1 (including) |
| Phprojekt | Phprojekt | 2.1 (including) | 2.1 (including) |
| Phprojekt | Phprojekt | 2.1a (including) | 2.1a (including) |
| Phprojekt | Phprojekt | 2.2 (including) | 2.2 (including) |
| Phprojekt | Phprojekt | 2.3 (including) | 2.3 (including) |
| Phprojekt | Phprojekt | 2.4 (including) | 2.4 (including) |
| Phprojekt | Phprojekt | 2.4a (including) | 2.4a (including) |
| Phprojekt | Phprojekt | 3.0 (including) | 3.0 (including) |
| Phprojekt | Phprojekt | 3.1 (including) | 3.1 (including) |
| Phprojekt | Phprojekt | 3.1a (including) | 3.1a (including) |
| Phprojekt | Phprojekt | 3.2 (including) | 3.2 (including) |
References
- http://secunia.com/advisories/13355
- http://securitytracker.com/id?1012369
- http://www.gentoo.org/security/en/glsa/glsa-200412-06.xml
- http://www.novell.com/linux/security/advisories/2004_04_sr.html
- http://www.osvdb.org/12174
- http://www.phprojekt.com/modules.php?op=modload\u0026name=News\u0026file=article\u0026sid=189\u0026mode=thread\u0026order=0
- http://www.securityfocus.com/bid/11797
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18320
- http://secunia.com/advisories/13355
- http://securitytracker.com/id?1012369
- http://www.gentoo.org/security/en/glsa/glsa-200412-06.xml
- http://www.novell.com/linux/security/advisories/2004_04_sr.html
- http://www.osvdb.org/12174
- http://www.phprojekt.com/modules.php?op=modload\u0026name=News\u0026file=article\u0026sid=189\u0026mode=thread\u0026order=0
- http://www.securityfocus.com/bid/11797
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18320