PHProjekt Arbitrary User Modification Vulnerability

PHProjekt is a freely available, open source PHP Groupware package. It is actively maintained by the PHProjekt Development Team.

PHProjekt(versions prior to 2.4a) is prone to an input validation problem which will allow remote attackers to view, modify and delete arbitrary user data. This is done by changing the ID number in the URL.


 

Privacy Statement
Copyright 2010, SecurityFocus