CVE-2007-1638

Multiple cross-site request forgery (CSRF) vulnerabilities in the check_csrftoken function in lib/lib.inc.php in PHProjekt 5.2.0, when magic_quotes_gpc is disabled, allow remote attackers to perform unauthorized actions as an arbitrary user via the (1) Projects, (2) Contacts, (3) Helpdesk, (4) Notes, (5) Search, (6) Mail, or (7) Filemanager module; the (9) summary page; or unspecified other files.

Published: Mar 24, 2007
Updated: Apr 13, 2023
CVE: CVE-2007-1638
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
phpprojekt / phpprojekt	5.2.0	5.2.0.x

http://osvdb.org/35162
http://secunia.com/advisories/24509
http://secunia.com/advisories/25748
http://security.gentoo.org/glsa/glsa-200706-07.xml
http://securityreason.com/securityalert/2477
http://www.nruns.de/security_advisory_phprojekt_csrf.php
http://www.phprojekt.com/index.php?name=News&file=article&sid=276
http://www.securityfocus.com/archive/1/462786/100/100/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/32989

Vulnerability Database

CVE-2007-1638