|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200412-06] PHProjekt: setup.php vulnerability Vulnerability Scan
Vulnerability Scan Summary PHProjekt: setup.php vulnerability
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200412-06
(PHProjekt: setup.php vulnerability)
Martin Muench, from it.sec, found a flaw in the setup.php file.
Impact
Successful exploitation of the flaw allows a remote attacker
without admin rights to make unauthorized changes to PHProjekt
configuration.
Workaround
As a workaround, you could replace the existing setup.php file in
PHProjekt root directory by the one provided on the PHProjekt Advisory
(see References).
References:
http://www.phprojekt.com/modules.php?op=modload&name=News&file=article&sid=189&mode=thread&order=0
Solution:
All PHProjekt users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/phprojekt-4.2-r1"
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.
|