CVE-2007-1638 Information
Description
Multiple cross-site request forgery (CSRF) vulnerabilities in the check_csrftoken function in lib/lib.inc.php in PHProjekt 5.2.0, when magic_quotes_gpc is disabled, allow remote attackers to perform unauthorized actions as an arbitrary user via the (1) Projects, (2) Contacts, (3) Helpdesk, (4) Notes, (5) Search, (6) Mail, or (7) Filemanager module; the (9) summary page; or unspecified other files.
Reference
http://osvdb.org/35162
http://secunia.com/advisories/24509
http://secunia.com/advisories/25748
http://security.gentoo.org/glsa/glsa-200706-07.xml
http://securityreason.com/securityalert/2477
http://www.nruns.de/security_advisory_phprojekt_csrf.php
http://www.phprojekt.com/index.php?name=News&file=article&sid=276
http://www.securityfocus.com/archive/1/462786/100/100/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/32989