From: "Albrecht Guenther" <ag@phprojekt.com> To: <BUGTRAQ@SECURITYFOCUS.COM> Subject: security hole in os groupware suite PHProjekt Date: Sun, 26 Aug 2001 22:39:06 +0200 Overview PHProjekt is an open source groupware suite written in PHP4 with mysql/postgres/oracle/informix/ms-sql support: www.PHProjekt.com The security hole concernes the several modules. Details By modifying the ID number in links an user can view, moduify or delete data of other users randomly. Affected systems The concerned releases are all versions until 2.4. Solution All respective actions are now checked for the authentification. Download the newest release 2.4a from the homepage www.PHProjekt.com/download/phprojekt.tar.gz Credit Martin Mayrhofer kindly provided me with this information. Albrecht Guenther