From: "Albrecht Guenther" <ag@phprojekt.com>
To: <BUGTRAQ@SECURITYFOCUS.COM>
Subject: security hole in os groupware suite PHProjekt
Date: Sun, 26 Aug 2001 22:39:06 +0200
Overview
PHProjekt is an open source groupware suite written in PHP4
with mysql/postgres/oracle/informix/ms-sql support:
www.PHProjekt.com
The security hole concernes the several modules.
Details
By modifying the ID number in links an user can
view, moduify or delete data of other users randomly.
Affected systems
The concerned releases are all versions until 2.4.
Solution
All respective actions are now checked for the authentification.
Download the newest release 2.4a from the homepage
www.PHProjekt.com/download/phprojekt.tar.gz
Credit
Martin Mayrhofer kindly provided me with this information.
Albrecht Guenther
![[LWN Logo]](/images/lcorner.png)
![[LWN.net]](/images/Included.png)