CVE-2007-1575

Name of the Vulnerable Software and Affected Versions PHProjekt version 5.2.0

Description The issue allows remote authenticated users to execute arbitrary SQL commands. This is possible due to multiple SQL injection vulnerabilities when the magic quotes gpc setting is disabled. The vulnerabilities are found in the calendar and search modules, as well as in an unspecified cookie when the user logs out.

Recommendations For PHProjekt version 5.2.0, consider disabling the calendar and search modules until a patch is available. Additionally, restrict access to the logout functionality to minimize the risk of exploitation. As a temporary workaround, enable the magic quotes gpc setting to prevent SQL injection attacks.