Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web :: Wiki, Collaborationware :: pproje~1.htm

PHProjekt directory traversal



Vulnerability

    PHProjekt

Affected

    PHProjekt 2.0, 2.0.1, 2.1

Description

    PHProjekt is an open source  groupware suite written in PHP4  with
    mysql/postgres/oracle support.   The security  hole concernes  the
    file module.

    By adding the famous  ".." string to the  url one can have  access
    to other directories than the one which is specified in the config.

    The concerned releases are version 2.0, 2.0.1 and 2.1 of PHProjekt

    Credit goes to Daniel Wittenberg for founding this.

Solution

    A patched version of the file is available under:

        http://www.phprojekt.com/download/patch-2.1.tar.gz

    or download the newest release from the homepage.


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH