[22428] in bugtraq
security hole in os groupware suite PHProjekt
daemon@ATHENA.MIT.EDU (Albrecht Guenther)
Sun Aug 26 17:34:09 2001
Message-ID: <002701c12e6f$35721100$5904d6c3@mucweb.de>
From: "Albrecht Guenther" <ag@phprojekt.com>
To: <BUGTRAQ@securityfocus.com>
Date: Sun, 26 Aug 2001 22:39:06 +0200
Overview
PHProjekt is an open source groupware suite written in PHP4
with mysql/postgres/oracle/informix/ms-sql support:
www.PHProjekt.com
The security hole concerns several modules.
Details
By modifying the ID number in links, a user can
view, modify or delete data of other users arbitrarily.
Affected systems
All releases up to version 2.4 are affected.
Solution
All the respective actions are now checked for authentication.
Download the newest release 2.4a from the homepage
www.PHProjekt.com/download/phprojekt.tar.gz
Credit
Martin Mayrhofer kindly provided me with this information.
Albrecht Guenther
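
Added example, not part of the original advisory and not PHProjekt code: the flaw class described under Details (a record selected only by the ID taken from the link) next to a handler that ties the action to the session's user. The table, columns and function names are hypothetical, and the rows are constructed sample data.

```php
<?php
// Hypothetical schema for illustration only; not PHProjekt's tables.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE notes (id INTEGER PRIMARY KEY, owner_id INTEGER, body TEXT)');
// Constructed sample data: note 1 belongs to user 10, note 2 to user 20.
$db->exec("INSERT INTO notes (id, owner_id, body) VALUES (1, 10, 'draft A'), (2, 20, 'draft B')");

// Pattern described under Details: the row is chosen by the request's ID
// alone, so being logged in is the only condition for touching any record.
function delete_note_unchecked(PDO $db, int $noteId): bool
{
    $stmt = $db->prepare('DELETE FROM notes WHERE id = ?');
    $stmt->execute([$noteId]);
    return $stmt->rowCount() === 1;
}

// Corrected pattern: the session's user ID is part of the WHERE clause, so
// the statement matches nothing unless the caller owns the row.
function delete_note_checked(PDO $db, int $sessionUserId, int $noteId): bool
{
    $stmt = $db->prepare('DELETE FROM notes WHERE id = ? AND owner_id = ?');
    $stmt->execute([$noteId, $sessionUserId]);
    return $stmt->rowCount() === 1;
}

// Helper used to observe the effect of each handler.
function note_exists(PDO $db, int $noteId): bool
{
    $stmt = $db->prepare('SELECT COUNT(*) FROM notes WHERE id = ?');
    $stmt->execute([$noteId]);
    return (int) $stmt->fetchColumn() === 1;
}

// The session belongs to user 10; the request carries the ID of user 20's note.
$sessionUserId = 10;
$requestedId = 2;

// Checked handler first, then the unchecked one, printing the handler's
// result and whether the foreign row still exists after each call.
var_dump(delete_note_checked($db, $sessionUserId, $requestedId));
var_dump(note_exists($db, $requestedId));
var_dump(delete_note_unchecked($db, $requestedId));
var_dump(note_exists($db, $requestedId));
```

The same ownership condition belongs on every view, modify and delete path that takes a record ID from the request, not only on the delete shown here.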