CVE Vulnerability

CVE-2007-1638

Multiple cross-site request forgery (CSRF) vulnerabilities in the check_csrftoken function in lib/lib.inc.php in PHProjekt 5.2.0, when magic_quotes_gpc is disabled, allow remote attackers to perform unauthorized actions as an arbitrary user via the (1) Projects, (2) Contacts, (3) Helpdesk, (4) Notes, (5) Search, (6) Mail, or (7) Filemanager module; the (9) summary page; or unspecified other files.

6.8 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 6.4

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

Scope

References
Link Resource
http://www.nruns.de/security_advisory_phprojekt_csrf.php
http://www.phprojekt.com/index.php?name=News&file=article&sid=276
http://secunia.com/advisories/24509 Patch Vendor Advisory
http://security.gentoo.org/glsa/glsa-200706-07.xml
http://secunia.com/advisories/25748
http://securityreason.com/securityalert/2477
http://osvdb.org/35162
https://exchange.xforce.ibmcloud.com/vulnerabilities/32989
http://www.securityfocus.com/archive/1/462786/100/100/threaded
Configurations

Configuration 1

cpe:2.3:a:phpprojekt:phpprojekt:5.2.0:*:*:*:*:*:*:*
Information

Published : 2007-03-23 11:19

Updated : 2018-10-16 04:39

NVD link : CVE-2007-1638

Mitre link : CVE-2007-1638

Products Affected
No products.
CWE
NVD-CWE-Other