In association with heise online

14 March 2007, 16:44

Vulnerabilities in PHProjekt fixed

Version 5.2.1 of the open source groupware PHProjekt fixes a number of security vulnerabilities and numerous other bugs. In addition, password encryption has been improved to make rainbow table attacks aimed at cracking passwords more difficult.

A vulnerability discovered by German security services provider n.runs allowed authenticated users to access the PHProjekt database using SQL injection. In addition, the calendar and file management module could be used to upload and execute certain PHP files. On top of this, despite PHProjekt's XSS filters, a number of modules contained exploitable cross-site scripting (XSS) vulnerabilities. Vendor Mayflower recommends switching to the new version as soon as possible.
