CVE-2006-4204

Name of the Vulnerable Software and Affected Versions PHProjekt versions 5.1 and earlier

Description The issue allows remote attackers to execute arbitrary PHP code. This can be achieved by providing a URL in the path pre parameter in lib/specialdays.php and the lib path parameter in lib/dbman filter.inc.php.

Recommendations For PHProjekt versions 5.1 and earlier, consider restricting access to the lib/specialdays.php and lib/dbman filter.inc.php files until a patch is available. As a temporary workaround, avoid using the path pre and lib path parameters in the affected files. At the moment, there is no information about a newer version that contains a fix for this vulnerability.