PHProjekt SQL Injection Vulnerability

info
discussion
exploit
solution
references

PHProjekt SQL Injection Vulnerability

PHProjekt is a freely available, open source PHP Groupware package. It is actively maintained by the PHProjekt Development Team. It will run on most Linux and Unix variants, in addition to Microsoft Windows operating systems.

PHProjekt does not properly sanitize user-supplied data before it is passed into SQL queries. This makes it possible for attackers to launch SQL injection attacks.