PHProjekt Unspecified Authentication Bypass Vulnerability

PHProjekt Unspecified Authentication Bypass Vulnerability

Solution:
An updated 'setup.php' file is available to resolve this issue. The vendor advises that this file should be unpacked and should be used to replace the 'setup.php' file in the root directory of the installation:
http://phprojekt.com/files/4.2/setup.zip

Gentoo Linux has released an advisory (GLSA 200412-06) and an updated eBuild to address this vulnerability. As a superuser, Gentoo users are advised to execute the following commands in order to apply these updates:

emerge --sync
emerge --ask --oneshot --verbose ">=www-apps/phprojekt-4.2-r1"

SuSE Linux has released a summary report dealing with this issue. Please see the referenced advisory and contact the vendor for information on obtaining the updated packages.