PT-2007-2959 · Phprojekt · Phprojekt

Published: 2007-03-21 · Updated: 2018-10-16 · CVE-2007-1576

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

PHProjekt version 5.2.0

Description

The issue allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors in various modules, including Projects, Contacts, Helpdesk, Search (only in Gecko-based browsers), and Notes, as well as the Mail summary page and other unspecified files, when magic_quotes_gpc is disabled.

Recommendations

For PHProjekt version 5.2.0, consider disabling the affected modules, such as Projects, Contacts, Helpdesk, Search, and Notes, until a patch is available. Restrict access to the Mail summary page to minimize the risk of exploitation. Additionally, enable magic_quotes_gpc to prevent the injection of arbitrary web script or HTML.

Fix

XSS


Weakness Enumeration

Related Identifiers

CVE-2007-1576

Affected Products

Phprojekt