PHProjekt Directory Escaping Vulnerability

PHProjekt is a freely available, open source PHP Groupware package. It is actively maintained by the PHProjekt Development Team.

A problem in the package could allow users of the software access to unauthorized resources. Due to insufficient checking of input, it is possible for a user to append a request with the dot-dot (..) extension, breaking out of the confines of the configuration limitations.

This makes it possible for remote user to gain access to restricted resources, and gather information or potentially gain local access.


Privacy Statement
Copyright 2010, SecurityFocus