CVE-2007-1638

Name of the Vulnerable Software and Affected Versions: PHProjekt version 5.2.0

Description: The issue concerns multiple cross-site request forgery (CSRF) vulnerabilities in the check csrftoken function. These vulnerabilities allow remote attackers to perform unauthorized actions as an arbitrary user via various modules, including Projects, Contacts, Helpdesk, Notes, Search, Mail, or Filemanager, as well as the summary page and other unspecified files, when magic quotes gpc is disabled.

Recommendations: For PHProjekt version 5.2.0, consider disabling the check csrftoken function temporarily until a patch is available, or apply configuration changes to enable magic quotes gpc to mitigate the risk of exploitation.