PT-2007-3020 · Phprojekt · Phprojekt

Published: 2007-03-23 · Updated: 2018-10-16 · CVE-2007-1639

CVSS v2.0: 4.6 (Medium) · Vector: AV:N/AC:H/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: PHProjekt version 5.2.0
Description: The issue allows remote authenticated users to upload and execute arbitrary PHP code via a file with an executable extension. The upload can be reached through the calendar or file management module. The vulnerability is exploitable when magic_quotes_gpc is disabled.
Recommendations: For PHProjekt version 5.2.0, consider disabling file uploads or restricting executable file extensions as a temporary workaround until a patch is available. Restrict access to the calendar and file management modules to minimize the risk of exploitation.

Fix

Related identifiers

CVE-2007-1639

Affected products

Phprojekt