COMMAND

    PHProjekt

SYSTEMS AFFECTED

    The concerned releases are all versions until 2.4.

PROBLEM

    Albrecht  Guenther  found  following  and  Martin Mayrhofer kindly
    provided some information.  PHProjekt is an open source  groupware
    suite written  in PHP4  with mysql/postgres/oracle/informix/ms-sql
    The security hole concernes the several modules.

    By modifying the ID number in  links an user can view, moduify  or
    delete data of other users randomly.

SOLUTION

    All respective actions are  now checked for the  authentification.
    Download the newest release 2.4a from the homepage:

        http://www.PHProjekt.com/download/phprojekt.tar.gz