GLSA-200412-06 : PHProjekt: setup.php vulnerability

medium Nessus Plugin ID 15933

Synopsis

The remote Gentoo host is missing one or more security-related patches.

Description

The remote host is affected by the vulnerability described in GLSA-200412-06 (PHProjekt: setup.php vulnerability).

Martin Muench, from it.sec, found a flaw in the setup.php file.

Impact:

Successful exploitation of the flaw allows a remote attacker without admin rights to make unauthorized changes to the PHProjekt configuration.

Workaround:

As a workaround, you can replace the existing setup.php file in the PHProjekt root directory with the one provided in the PHProjekt advisory (see References).

Solution

All PHProjekt users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=www-apps/phprojekt-4.2-r1'

See Also

http://www.nessus.org/u?a07ea2e1

https://security.gentoo.org/glsa/200412-06

Plugin Details

Severity: Medium

ID: 15933

File Name: gentoo_GLSA-200412-06.nasl

Version: 1.16

Type: local

Published: 12/11/2004

Updated: 1/6/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:gentoo:linux:phprojekt, cpe:/o:gentoo:linux

Required KB Items: Host/local_checks_enabled, Host/Gentoo/release, Host/Gentoo/qpkg-list

Patch Publication Date: 12/10/2004

Vulnerability Publication Date: 12/2/2004

Reference Information

GLSA: 200412-06