PHProjekt: setup.php vulnerability


1.  Gentoo Linux Security Advisory

Version Information

Advisory Reference: GLSA 200412-06 / PHProjekt
Release Date: December 10, 2004
Latest Revision: December 10, 2004: 01
Impact: normal
Exploitable: remote

Package: www-apps/phprojekt
Vulnerable versions: < 4.2-r1
Unaffected versions: >= 4.2-r1
Architecture(s): All supported architectures

Related bugreports: #73021


PHProjekt contains a vulnerability in the setup procedure allowing remote users without admin rights to change the configuration.

2.  Impact Information


PHProjekt is a modular groupware web application used to coordinate group activities and share files.


Martin Muench, from it.sec, found a flaw in the setup.php file.


Successful exploitation of the flaw allows a remote attacker without admin rights to make unauthorized changes to the PHProjekt configuration.

3.  Resolution Information


As a workaround, you could replace the existing setup.php file in the PHProjekt root directory with the one provided in the PHProjekt Advisory (see References).


All PHProjekt users should upgrade to the latest version:

Code Listing 3.1: Resolution

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/phprojekt-4.2-r1"

4.  References


Page updated December 10, 2004

Summary: This is a Gentoo Linux Security Advisory
