Vulnerability Assessment & Network Security Forums



If a vulnerability assessment detects the network security issue described below, applying the appropriate security patches in a timely manner is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.




Vulnerability Assessment Details

[GLSA-200412-06] PHProjekt: setup.php vulnerability

Vulnerability Assessment Summary
PHProjekt: setup.php vulnerability

Detailed Explanation for this Vulnerability Assessment
The remote host is affected by the vulnerability described in GLSA-200412-06
(PHProjekt: setup.php vulnerability)


Martin Muench, from it.sec, found a flaw in the setup.php file.

Impact

Successful exploitation of the flaw permits a remote attacker
without admin rights to make unauthorized changes to PHProjekt
configuration.

Workaround

As a workaround, you could replace the existing setup.php file in the
PHProjekt root directory with the one provided in the PHProjekt advisory
(see References).

References:
http://www.phprojekt.com/modules.php?op=modload&name=News&file=article&sid=189&mode=thread&order=0


Solution:
All PHProjekt users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/phprojekt-4.2-r1"


Network Security Threat Level: Medium


Networks Security ID:

Vulnerability Assessment Copyright: (C) 2005 Michel Arboi
