This script is Copyright (C) 2007-2015 Tenable Network Security, Inc.
The remote Gentoo host is missing one or more security-related
The remote host is affected by the vulnerability described in GLSA-200706-07
(PHProjekt: Multiple vulnerabilities)
Alexios Fakos from n.runs AG has discovered multiple vulnerabilities in
PHProjekt, including the execution of arbitrary SQL commands using
unknown vectors (CVE-2007-1575), the execution of arbitrary PHP code
using an unrestricted file upload (CVE-2007-1639), cross-site request
forgeries using different modules (CVE-2007-1638), and a cross-site
scripting attack using unkown vectors (CVE-2007-1576).
An authenticated user could elevate their privileges by exploiting the
vulnerabilities described above. Note that the magic_quotes_gpc PHP
configuration setting must be set to 'off' to exploit these
There is no known workaround at this time.
See also :
All PHProjekt users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=www-apps/phprojekt-5.2.1'
Risk factor :
High / CVSS Base Score : 7.5
Family: Gentoo Local Security Checks
Nessus Plugin ID: 25562 (gentoo_GLSA-200706-07.nasl)
CVE ID: CVE-2007-1575CVE-2007-1576CVE-2007-1638CVE-2007-1639
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.