CVE-2007-1638
- EPSS 2.07%
- Veröffentlicht 23.03.2007 23:19:00
- Zuletzt bearbeitet 09.04.2025 00:30:58
Multiple cross-site request forgery (CSRF) vulnerabilities in the check_csrftoken function in lib/lib.inc.php in PHProjekt 5.2.0, when magic_quotes_gpc is disabled, allow remote attackers to perform unauthorized actions as an arbitrary user via the (...
CVE-2007-1639
- EPSS 1.96%
- Veröffentlicht 23.03.2007 23:19:00
- Zuletzt bearbeitet 09.04.2025 00:30:58
Unrestricted file upload vulnerability in PHProjekt 5.2.0, when magic_quotes_gpc is disabled, allows remote authenticated users to upload and execute arbitrary PHP code via a file with an executable extension, which is then accessed by the (1) calend...
CVE-2006-4609
- EPSS 4.34%
- Veröffentlicht 07.09.2006 00:04:00
- Zuletzt bearbeitet 03.04.2025 01:03:51
Multiple PHP remote file inclusion vulnerabilities in the Content Management module ("Content manager") for PHProjekt 0.6.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via the path_pre parameter in (1) cm_l...
CVE-2002-0451
- EPSS 5.77%
- Veröffentlicht 12.08.2002 04:00:00
- Zuletzt bearbeitet 03.04.2025 01:03:51
filemanager_forms.php in PHProjekt 3.1 and 3.1a allows remote attackers to execute arbitrary PHP code by specifying the URL to the code in the lib_path parameter.
CVE-2001-0995
- EPSS 0.87%
- Veröffentlicht 31.08.2001 04:00:00
- Zuletzt bearbeitet 03.04.2025 01:03:51
PHProjekt before 2.4a allows remote attackers to perform actions as other PHProjekt users by modifying the ID number in an HTTP request to PHProjekt CGI programs.