Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    28 vulnerabilities by phprojekt

    CVE-2011-3786 (GCVE-0-2011-3786)

    Vulnerability from nvd – Published: 2011-09-24 00:00 – Updated: 2024-09-17 03:38
    VLAI
    Summary
    PHProjekt 6.0.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by Setup/Controllers/IndexController.php.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T23:46:02.979Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/phprojekt-6.0.5"
              },
              {
                "name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "PHProjekt 6.0.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by Setup/Controllers/IndexController.php."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2011-09-24T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/phprojekt-6.0.5"
            },
            {
              "name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2011-3786",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "PHProjekt 6.0.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by Setup/Controllers/IndexController.php."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/phprojekt-6.0.5",
                  "refsource": "MISC",
                  "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/phprojekt-6.0.5"
                },
                {
                  "name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
                },
                {
                  "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README",
                  "refsource": "MISC",
                  "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2011-3786",
        "datePublished": "2011-09-24T00:00:00.000Z",
        "dateReserved": "2011-09-23T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:38:58.338Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-1575 (GCVE-0-2007-1575)

    Vulnerability from nvd – Published: 2007-03-21 21:00 – Updated: 2024-08-07 12:59
    VLAI
    Summary
    Multiple SQL injection vulnerabilities in PHProjekt 5.2.0, when magic_quotes_gpc is disabled, allow remote authenticated users to execute arbitrary SQL commands via (1) unspecified vectors to the (a) calendar and (2) search modules, and an (2) unspecified cookie when the user logs out.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/archive/1/462789/100… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/bid/22955 vdb-entryx_refsource_BID
    http://secunia.com/advisories/24509 third-party-advisoryx_refsource_SECUNIA
    http://www.phprojekt.com/index.php?name=News&file… x_refsource_CONFIRM
    http://www.nruns.com/security_advisory_phprojekt_… x_refsource_MISC
    http://security.gentoo.org/glsa/glsa-200706-07.xml vendor-advisoryx_refsource_GENTOO
    http://securityreason.com/securityalert/2466 third-party-advisoryx_refsource_SREASON
    http://secunia.com/advisories/25748 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2007-03-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T12:59:08.801Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20070314 n.runs-SA-2007.003 - PHProjekt 5.2.0 - SQL Injection",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/462789/100/0/threaded"
              },
              {
                "name": "22955",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/22955"
              },
              {
                "name": "24509",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24509"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.phprojekt.com/index.php?name=News\u0026file=article\u0026sid=276"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.nruns.com/security_advisory_phprojekt_sql_injection.php"
              },
              {
                "name": "GLSA-200706-07",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200706-07.xml"
              },
              {
                "name": "2466",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/2466"
              },
              {
                "name": "25748",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25748"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-03-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple SQL injection vulnerabilities in PHProjekt 5.2.0, when magic_quotes_gpc is disabled, allow remote authenticated users to execute arbitrary SQL commands via (1) unspecified vectors to the (a) calendar and (2) search modules, and an (2) unspecified cookie when the user logs out."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20070314 n.runs-SA-2007.003 - PHProjekt 5.2.0 - SQL Injection",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/462789/100/0/threaded"
            },
            {
              "name": "22955",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/22955"
            },
            {
              "name": "24509",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24509"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.phprojekt.com/index.php?name=News\u0026file=article\u0026sid=276"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.nruns.com/security_advisory_phprojekt_sql_injection.php"
            },
            {
              "name": "GLSA-200706-07",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200706-07.xml"
            },
            {
              "name": "2466",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/2466"
            },
            {
              "name": "25748",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25748"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-1575",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple SQL injection vulnerabilities in PHProjekt 5.2.0, when magic_quotes_gpc is disabled, allow remote authenticated users to execute arbitrary SQL commands via (1) unspecified vectors to the (a) calendar and (2) search modules, and an (2) unspecified cookie when the user logs out."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20070314 n.runs-SA-2007.003 - PHProjekt 5.2.0 - SQL Injection",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/462789/100/0/threaded"
                },
                {
                  "name": "22955",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/22955"
                },
                {
                  "name": "24509",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24509"
                },
                {
                  "name": "http://www.phprojekt.com/index.php?name=News\u0026file=article\u0026sid=276",
                  "refsource": "CONFIRM",
                  "url": "http://www.phprojekt.com/index.php?name=News\u0026file=article\u0026sid=276"
                },
                {
                  "name": "http://www.nruns.com/security_advisory_phprojekt_sql_injection.php",
                  "refsource": "MISC",
                  "url": "http://www.nruns.com/security_advisory_phprojekt_sql_injection.php"
                },
                {
                  "name": "GLSA-200706-07",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200706-07.xml"
                },
                {
                  "name": "2466",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/2466"
                },
                {
                  "name": "25748",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/25748"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-1575",
        "datePublished": "2007-03-21T21:00:00.000Z",
        "dateReserved": "2007-03-21T00:00:00.000Z",
        "dateUpdated": "2024-08-07T12:59:08.801Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-1576 (GCVE-0-2007-1576)

    Vulnerability from nvd – Published: 2007-03-21 21:00 – Updated: 2024-08-07 12:59
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in PHProjekt 5.2.0, when magic_quotes_gpc is disabled, allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors to the (1) Projects, (2) Contacts, (3) Helpdesk, (4) Search (only Gecko engine driven Browsers), and (5) Notes modules; the (6) Mail summary page; and unspecified other files.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://osvdb.org/34064 vdb-entryx_refsource_OSVDB
    http://osvdb.org/34068 vdb-entryx_refsource_OSVDB
    http://www.securityfocus.com/archive/1/462788/100… mailing-listx_refsource_BUGTRAQ
    http://osvdb.org/34065 vdb-entryx_refsource_OSVDB
    http://osvdb.org/34066 vdb-entryx_refsource_OSVDB
    http://osvdb.org/34067 vdb-entryx_refsource_OSVDB
    http://osvdb.org/34069 vdb-entryx_refsource_OSVDB
    http://secunia.com/advisories/24509 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/22957 vdb-entryx_refsource_BID
    http://www.phprojekt.com/index.php?name=News&file… x_refsource_CONFIRM
    http://security.gentoo.org/glsa/glsa-200706-07.xml vendor-advisoryx_refsource_GENTOO
    http://www.nruns.de/security_advisory_phprojekt_x… x_refsource_MISC
    http://securityreason.com/securityalert/2459 third-party-advisoryx_refsource_SREASON
    http://secunia.com/advisories/25748 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2007-03-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T12:59:08.735Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "34064",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/34064"
              },
              {
                "name": "34068",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/34068"
              },
              {
                "name": "20070314 n.runs-SA-2007.004 - PHProjekt 5.2.0 - Cross Site Scripting and Filter Evasion",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/462788/100/0/threaded"
              },
              {
                "name": "34065",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/34065"
              },
              {
                "name": "34066",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/34066"
              },
              {
                "name": "34067",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/34067"
              },
              {
                "name": "34069",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/34069"
              },
              {
                "name": "24509",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24509"
              },
              {
                "name": "22957",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/22957"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.phprojekt.com/index.php?name=News\u0026file=article\u0026sid=276"
              },
              {
                "name": "GLSA-200706-07",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200706-07.xml"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.nruns.de/security_advisory_phprojekt_xss_and_filter_evasion.php"
              },
              {
                "name": "2459",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/2459"
              },
              {
                "name": "25748",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25748"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-03-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in PHProjekt 5.2.0, when magic_quotes_gpc is disabled, allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors to the (1) Projects, (2) Contacts, (3) Helpdesk, (4) Search (only Gecko engine driven Browsers), and (5) Notes modules; the (6) Mail summary page; and unspecified other files."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "34064",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/34064"
            },
            {
              "name": "34068",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/34068"
            },
            {
              "name": "20070314 n.runs-SA-2007.004 - PHProjekt 5.2.0 - Cross Site Scripting and Filter Evasion",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/462788/100/0/threaded"
            },
            {
              "name": "34065",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/34065"
            },
            {
              "name": "34066",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/34066"
            },
            {
              "name": "34067",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/34067"
            },
            {
              "name": "34069",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/34069"
            },
            {
              "name": "24509",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24509"
            },
            {
              "name": "22957",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/22957"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.phprojekt.com/index.php?name=News\u0026file=article\u0026sid=276"
            },
            {
              "name": "GLSA-200706-07",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200706-07.xml"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.nruns.de/security_advisory_phprojekt_xss_and_filter_evasion.php"
            },
            {
              "name": "2459",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/2459"
            },
            {
              "name": "25748",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25748"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-1576",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site scripting (XSS) vulnerabilities in PHProjekt 5.2.0, when magic_quotes_gpc is disabled, allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors to the (1) Projects, (2) Contacts, (3) Helpdesk, (4) Search (only Gecko engine driven Browsers), and (5) Notes modules; the (6) Mail summary page; and unspecified other files."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "34064",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/34064"
                },
                {
                  "name": "34068",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/34068"
                },
                {
                  "name": "20070314 n.runs-SA-2007.004 - PHProjekt 5.2.0 - Cross Site Scripting and Filter Evasion",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/462788/100/0/threaded"
                },
                {
                  "name": "34065",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/34065"
                },
                {
                  "name": "34066",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/34066"
                },
                {
                  "name": "34067",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/34067"
                },
                {
                  "name": "34069",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/34069"
                },
                {
                  "name": "24509",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24509"
                },
                {
                  "name": "22957",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/22957"
                },
                {
                  "name": "http://www.phprojekt.com/index.php?name=News\u0026file=article\u0026sid=276",
                  "refsource": "CONFIRM",
                  "url": "http://www.phprojekt.com/index.php?name=News\u0026file=article\u0026sid=276"
                },
                {
                  "name": "GLSA-200706-07",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200706-07.xml"
                },
                {
                  "name": "http://www.nruns.de/security_advisory_phprojekt_xss_and_filter_evasion.php",
                  "refsource": "MISC",
                  "url": "http://www.nruns.de/security_advisory_phprojekt_xss_and_filter_evasion.php"
                },
                {
                  "name": "2459",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/2459"
                },
                {
                  "name": "25748",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/25748"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-1576",
        "datePublished": "2007-03-21T21:00:00.000Z",
        "dateReserved": "2007-03-21T00:00:00.000Z",
        "dateUpdated": "2024-08-07T12:59:08.735Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-5123 (GCVE-0-2006-5123)

    Vulnerability from nvd – Published: 2006-10-02 20:00 – Updated: 2024-08-07 19:41
    VLAI
    Summary
    Multiple PHP remote file inclusion vulnerabilities in Albrecht Guenther PHProjekt 5.1.x before 5.1.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) lib_path or (2) lang_path parameter in unspecified files, related to code changes intended to fix inclusion, a different vulnerability than CVE-2002-0451, CVE-2006-4204, and CVE-2006-4609.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/22167 third-party-advisoryx_refsource_SECUNIA
    http://www.osvdb.org/29290 vdb-entryx_refsource_OSVDB
    http://www.hardened-php.net/advisory_062006.129.html x_refsource_MISC
    http://www.securityfocus.com/bid/20268 vdb-entryx_refsource_BID
    http://www.securityfocus.com/archive/1/447360/100… mailing-listx_refsource_BUGTRAQ
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.vupen.com/english/advisories/2006/3845 vdb-entryx_refsource_VUPEN
    http://www.phprojekt.com/modules.php?op=modload&n… x_refsource_CONFIRM
    http://securityreason.com/securityalert/1672 third-party-advisoryx_refsource_SREASON
    Date Public
    2006-09-29 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T19:41:05.155Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "22167",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/22167"
              },
              {
                "name": "29290",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/29290"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.hardened-php.net/advisory_062006.129.html"
              },
              {
                "name": "20268",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/20268"
              },
              {
                "name": "20060929 Advisory 06/2006: PHProjekt (Remote) Include Vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/447360/100/0/threaded"
              },
              {
                "name": "phprojekt-unspecified-file-include(29262)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29262"
              },
              {
                "name": "ADV-2006-3845",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/3845"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.phprojekt.com/modules.php?op=modload\u0026name=News\u0026file=article\u0026sid=259"
              },
              {
                "name": "1672",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/1672"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-09-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple PHP remote file inclusion vulnerabilities in Albrecht Guenther PHProjekt 5.1.x before 5.1.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) lib_path or (2) lang_path parameter in unspecified files, related to code changes intended to fix inclusion, a different vulnerability than CVE-2002-0451, CVE-2006-4204, and CVE-2006-4609."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-17T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "22167",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/22167"
            },
            {
              "name": "29290",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/29290"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.hardened-php.net/advisory_062006.129.html"
            },
            {
              "name": "20268",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/20268"
            },
            {
              "name": "20060929 Advisory 06/2006: PHProjekt (Remote) Include Vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/447360/100/0/threaded"
            },
            {
              "name": "phprojekt-unspecified-file-include(29262)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29262"
            },
            {
              "name": "ADV-2006-3845",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/3845"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.phprojekt.com/modules.php?op=modload\u0026name=News\u0026file=article\u0026sid=259"
            },
            {
              "name": "1672",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/1672"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-5123",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple PHP remote file inclusion vulnerabilities in Albrecht Guenther PHProjekt 5.1.x before 5.1.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) lib_path or (2) lang_path parameter in unspecified files, related to code changes intended to fix inclusion, a different vulnerability than CVE-2002-0451, CVE-2006-4204, and CVE-2006-4609."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "22167",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/22167"
                },
                {
                  "name": "29290",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/29290"
                },
                {
                  "name": "http://www.hardened-php.net/advisory_062006.129.html",
                  "refsource": "MISC",
                  "url": "http://www.hardened-php.net/advisory_062006.129.html"
                },
                {
                  "name": "20268",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/20268"
                },
                {
                  "name": "20060929 Advisory 06/2006: PHProjekt (Remote) Include Vulnerabilities",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/447360/100/0/threaded"
                },
                {
                  "name": "phprojekt-unspecified-file-include(29262)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29262"
                },
                {
                  "name": "ADV-2006-3845",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/3845"
                },
                {
                  "name": "http://www.phprojekt.com/modules.php?op=modload\u0026name=News\u0026file=article\u0026sid=259",
                  "refsource": "CONFIRM",
                  "url": "http://www.phprojekt.com/modules.php?op=modload\u0026name=News\u0026file=article\u0026sid=259"
                },
                {
                  "name": "1672",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/1672"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-5123",
        "datePublished": "2006-10-02T20:00:00.000Z",
        "dateReserved": "2006-10-02T00:00:00.000Z",
        "dateUpdated": "2024-08-07T19:41:05.155Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-4204 (GCVE-0-2006-4204)

    Vulnerability from nvd – Published: 2006-08-17 21:00 – Updated: 2024-08-07 18:57
    VLAI
    Summary
    Multiple PHP remote file inclusion vulnerabilities in PHProjekt 5.1 and possibly earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) path_pre parameter in lib/specialdays.php and the (2) lib_path parameter in lib/dbman_filter.inc.php.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/21526 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/19541 vdb-entryx_refsource_BID
    http://phprojekt.com/modules.php?op=modload&name=… x_refsource_CONFIRM
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    https://www.exploit-db.com/exploits/2190 exploitx_refsource_EXPLOIT-DB
    http://www.vupen.com/english/advisories/2006/3284 vdb-entryx_refsource_VUPEN
    Date Public
    2006-08-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T18:57:46.444Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "21526",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/21526"
              },
              {
                "name": "19541",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/19541"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://phprojekt.com/modules.php?op=modload\u0026name=News\u0026file=article\u0026sid=257\u0026mode=thread\u0026order=0"
              },
              {
                "name": "phprojekt-libpath-file-include(28560)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28560"
              },
              {
                "name": "2190",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/2190"
              },
              {
                "name": "ADV-2006-3284",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/3284"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-08-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple PHP remote file inclusion vulnerabilities in PHProjekt 5.1 and possibly earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) path_pre parameter in lib/specialdays.php and the (2) lib_path parameter in lib/dbman_filter.inc.php."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-18T16:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "21526",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/21526"
            },
            {
              "name": "19541",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/19541"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://phprojekt.com/modules.php?op=modload\u0026name=News\u0026file=article\u0026sid=257\u0026mode=thread\u0026order=0"
            },
            {
              "name": "phprojekt-libpath-file-include(28560)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28560"
            },
            {
              "name": "2190",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/2190"
            },
            {
              "name": "ADV-2006-3284",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/3284"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-4204",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple PHP remote file inclusion vulnerabilities in PHProjekt 5.1 and possibly earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) path_pre parameter in lib/specialdays.php and the (2) lib_path parameter in lib/dbman_filter.inc.php."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "21526",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/21526"
                },
                {
                  "name": "19541",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/19541"
                },
                {
                  "name": "http://phprojekt.com/modules.php?op=modload\u0026name=News\u0026file=article\u0026sid=257\u0026mode=thread\u0026order=0",
                  "refsource": "CONFIRM",
                  "url": "http://phprojekt.com/modules.php?op=modload\u0026name=News\u0026file=article\u0026sid=257\u0026mode=thread\u0026order=0"
                },
                {
                  "name": "phprojekt-libpath-file-include(28560)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28560"
                },
                {
                  "name": "2190",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/2190"
                },
                {
                  "name": "ADV-2006-3284",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/3284"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-4204",
        "datePublished": "2006-08-17T21:00:00.000Z",
        "dateReserved": "2006-08-17T00:00:00.000Z",
        "dateUpdated": "2024-08-07T18:57:46.444Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2005-1227 (GCVE-0-2005-1227)

    Vulnerability from nvd – Published: 2005-04-22 04:00 – Updated: 2024-08-07 21:44
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in PHProjekt 4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the chatroom text submission form.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/15039 third-party-advisoryx_refsource_SECUNIA
    http://www.osvdb.org/15720 vdb-entryx_refsource_OSVDB
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://marc.info/?l=bugtraq&m=111402374504496&w=2 mailing-listx_refsource_BUGTRAQ
    Date Public
    2005-04-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T21:44:05.370Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "15039",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/15039"
              },
              {
                "name": "15720",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/15720"
              },
              {
                "name": "phprojekt-url-tag-xss(20212)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20212"
              },
              {
                "name": "20050420 Secure Science Corporation Application Software Advisory 055",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=111402374504496\u0026w=2"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2005-04-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in PHProjekt 4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the chatroom text submission form."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "15039",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/15039"
            },
            {
              "name": "15720",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/15720"
            },
            {
              "name": "phprojekt-url-tag-xss(20212)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20212"
            },
            {
              "name": "20050420 Secure Science Corporation Application Software Advisory 055",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=111402374504496\u0026w=2"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2005-1227",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in PHProjekt 4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the chatroom text submission form."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "15039",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/15039"
                },
                {
                  "name": "15720",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/15720"
                },
                {
                  "name": "phprojekt-url-tag-xss(20212)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20212"
                },
                {
                  "name": "20050420 Secure Science Corporation Application Software Advisory 055",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=111402374504496\u0026w=2"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2005-1227",
        "datePublished": "2005-04-22T04:00:00.000Z",
        "dateReserved": "2005-04-22T00:00:00.000Z",
        "dateUpdated": "2024-08-07T21:44:05.370Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2004-2740 (GCVE-0-2004-2740)

    Vulnerability from nvd – Published: 2007-10-09 10:00 – Updated: 2024-08-08 01:36
    VLAI
    Summary
    PHP remote file inclusion vulnerability in authform.inc.php in PHProjekt 4.2.3 and earlier allows remote attackers to include arbitrary PHP code via a URL in the path_pre parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.gentoo.org/security/en/glsa/glsa-20041… vendor-advisoryx_refsource_GENTOO
    http://secunia.com/advisories/13660 third-party-advisoryx_refsource_SECUNIA
    http://www.osvdb.org/12613 vdb-entryx_refsource_OSVDB
    http://www.securityfocus.com/bid/12116 vdb-entryx_refsource_BID
    http://securitytracker.com/id?1012708 vdb-entryx_refsource_SECTRACK
    http://www.phprojekt.com/modules.php?op=modload&n… x_refsource_CONFIRM
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    Date Public
    2004-12-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T01:36:25.375Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "GLSA-200412-27",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://www.gentoo.org/security/en/glsa/glsa-200412-27.xml"
              },
              {
                "name": "13660",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/13660"
              },
              {
                "name": "12613",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/12613"
              },
              {
                "name": "12116",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/12116"
              },
              {
                "name": "1012708",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1012708"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.phprojekt.com/modules.php?op=modload\u0026name=News\u0026file=article\u0026sid=193"
              },
              {
                "name": "phprojekt-pathpre-file-include(18683)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18683"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2004-12-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "PHP remote file inclusion vulnerability in authform.inc.php in PHProjekt 4.2.3 and earlier allows remote attackers to include arbitrary PHP code via a URL in the path_pre parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "GLSA-200412-27",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200412-27.xml"
            },
            {
              "name": "13660",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/13660"
            },
            {
              "name": "12613",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/12613"
            },
            {
              "name": "12116",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/12116"
            },
            {
              "name": "1012708",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1012708"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.phprojekt.com/modules.php?op=modload\u0026name=News\u0026file=article\u0026sid=193"
            },
            {
              "name": "phprojekt-pathpre-file-include(18683)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18683"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2004-2740",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "PHP remote file inclusion vulnerability in authform.inc.php in PHProjekt 4.2.3 and earlier allows remote attackers to include arbitrary PHP code via a URL in the path_pre parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "GLSA-200412-27",
                  "refsource": "GENTOO",
                  "url": "http://www.gentoo.org/security/en/glsa/glsa-200412-27.xml"
                },
                {
                  "name": "13660",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/13660"
                },
                {
                  "name": "12613",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/12613"
                },
                {
                  "name": "12116",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/12116"
                },
                {
                  "name": "1012708",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1012708"
                },
                {
                  "name": "http://www.phprojekt.com/modules.php?op=modload\u0026name=News\u0026file=article\u0026sid=193",
                  "refsource": "CONFIRM",
                  "url": "http://www.phprojekt.com/modules.php?op=modload\u0026name=News\u0026file=article\u0026sid=193"
                },
                {
                  "name": "phprojekt-pathpre-file-include(18683)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18683"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2004-2740",
        "datePublished": "2007-10-09T10:00:00.000Z",
        "dateReserved": "2007-10-08T00:00:00.000Z",
        "dateUpdated": "2024-08-08T01:36:25.375Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2004-2739 (GCVE-0-2004-2739)

    Vulnerability from nvd – Published: 2007-10-09 10:00 – Updated: 2024-08-08 01:36
    VLAI
    Summary
    The setup routine (setup.php) in PHProjekt 4.2.1 and earlier allows remote attackers to modify system configuration via unknown attack vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/bid/11797 vdb-entryx_refsource_BID
    http://www.gentoo.org/security/en/glsa/glsa-20041… vendor-advisoryx_refsource_GENTOO
    http://www.novell.com/linux/security/advisories/2… vendor-advisoryx_refsource_SUSE
    http://securitytracker.com/id?1012369 vdb-entryx_refsource_SECTRACK
    http://secunia.com/advisories/13355 third-party-advisoryx_refsource_SECUNIA
    http://www.osvdb.org/12174 vdb-entryx_refsource_OSVDB
    http://www.phprojekt.com/modules.php?op=modload&n… x_refsource_CONFIRM
    Date Public
    2004-12-01 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T01:36:25.297Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "phprojekt-setup-command-execution(18320)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18320"
              },
              {
                "name": "11797",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/11797"
              },
              {
                "name": "GLSA-200412-06",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://www.gentoo.org/security/en/glsa/glsa-200412-06.xml"
              },
              {
                "name": "SuSE-SR:2004:004",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://www.novell.com/linux/security/advisories/2004_04_sr.html"
              },
              {
                "name": "1012369",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1012369"
              },
              {
                "name": "13355",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/13355"
              },
              {
                "name": "12174",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/12174"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.phprojekt.com/modules.php?op=modload\u0026name=News\u0026file=article\u0026sid=189\u0026mode=thread\u0026order=0"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2004-12-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The setup routine (setup.php) in PHProjekt 4.2.1 and earlier allows remote attackers to modify system configuration via unknown attack vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "phprojekt-setup-command-execution(18320)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18320"
            },
            {
              "name": "11797",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/11797"
            },
            {
              "name": "GLSA-200412-06",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200412-06.xml"
            },
            {
              "name": "SuSE-SR:2004:004",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://www.novell.com/linux/security/advisories/2004_04_sr.html"
            },
            {
              "name": "1012369",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1012369"
            },
            {
              "name": "13355",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/13355"
            },
            {
              "name": "12174",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/12174"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.phprojekt.com/modules.php?op=modload\u0026name=News\u0026file=article\u0026sid=189\u0026mode=thread\u0026order=0"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2004-2739",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The setup routine (setup.php) in PHProjekt 4.2.1 and earlier allows remote attackers to modify system configuration via unknown attack vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "phprojekt-setup-command-execution(18320)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18320"
                },
                {
                  "name": "11797",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/11797"
                },
                {
                  "name": "GLSA-200412-06",
                  "refsource": "GENTOO",
                  "url": "http://www.gentoo.org/security/en/glsa/glsa-200412-06.xml"
                },
                {
                  "name": "SuSE-SR:2004:004",
                  "refsource": "SUSE",
                  "url": "http://www.novell.com/linux/security/advisories/2004_04_sr.html"
                },
                {
                  "name": "1012369",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1012369"
                },
                {
                  "name": "13355",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/13355"
                },
                {
                  "name": "12174",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/12174"
                },
                {
                  "name": "http://www.phprojekt.com/modules.php?op=modload\u0026name=News\u0026file=article\u0026sid=189\u0026mode=thread\u0026order=0",
                  "refsource": "CONFIRM",
                  "url": "http://www.phprojekt.com/modules.php?op=modload\u0026name=News\u0026file=article\u0026sid=189\u0026mode=thread\u0026order=0"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2004-2739",
        "datePublished": "2007-10-09T10:00:00.000Z",
        "dateReserved": "2007-10-08T00:00:00.000Z",
        "dateUpdated": "2024-08-08T01:36:25.297Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2002-1757 (GCVE-0-2002-1757)

    Vulnerability from nvd – Published: 2005-06-21 04:00 – Updated: 2024-08-08 03:34
    VLAI
    Summary
    PHProjekt 2.0 through 3.1 relies on the $PHP_SELF variable for authentication, which allows remote attackers to bypass authentication for scripts via a request to a .php file with "sms" in the URL, which is included in the PATH_INFO portion of the $PHP_SELF variable, as demonstrated using "mail_send.php/sms".
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/4596 vdb-entryx_refsource_BID
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://online.securityfocus.com/archive/1/269407 mailing-listx_refsource_BUGTRAQ
    Date Public
    2002-04-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T03:34:56.218Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "4596",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/4596"
              },
              {
                "name": "phprojekt-unauth-script-access(8943)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8943"
              },
              {
                "name": "20020424 PHProjekt multiple vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://online.securityfocus.com/archive/1/269407"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2002-04-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "PHProjekt 2.0 through 3.1 relies on the $PHP_SELF variable for authentication, which allows remote attackers to bypass authentication for scripts via a request to a .php file with \"sms\" in the URL, which is included in the PATH_INFO portion of the $PHP_SELF variable, as demonstrated using \"mail_send.php/sms\"."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "4596",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/4596"
            },
            {
              "name": "phprojekt-unauth-script-access(8943)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8943"
            },
            {
              "name": "20020424 PHProjekt multiple vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://online.securityfocus.com/archive/1/269407"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2002-1757",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "PHProjekt 2.0 through 3.1 relies on the $PHP_SELF variable for authentication, which allows remote attackers to bypass authentication for scripts via a request to a .php file with \"sms\" in the URL, which is included in the PATH_INFO portion of the $PHP_SELF variable, as demonstrated using \"mail_send.php/sms\"."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "4596",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/4596"
                },
                {
                  "name": "phprojekt-unauth-script-access(8943)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8943"
                },
                {
                  "name": "20020424 PHProjekt multiple vulnerabilities",
                  "refsource": "BUGTRAQ",
                  "url": "http://online.securityfocus.com/archive/1/269407"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2002-1757",
        "datePublished": "2005-06-21T04:00:00.000Z",
        "dateReserved": "2005-06-21T00:00:00.000Z",
        "dateUpdated": "2024-08-08T03:34:56.218Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2002-1759 (GCVE-0-2002-1759)

    Vulnerability from nvd – Published: 2005-06-21 04:00 – Updated: 2024-08-08 03:34
    VLAI
    Summary
    The upload function in PHProjekt 2.0 through 3.1 does not properly verify certain variables related to uploaded data, which allows remote attackers to cause PHProjekt to process arbitrary files.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/4597 vdb-entryx_refsource_BID
    http://archive.cert.uni-stuttgart.de/archive/bugt… mailing-listx_refsource_BUGTRAQ
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    Date Public
    2002-04-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T03:34:56.272Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "4597",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/4597"
              },
              {
                "name": "20020424 PHProjekt multiple vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://archive.cert.uni-stuttgart.de/archive/bugtraq/2002/04/msg00361.html"
              },
              {
                "name": "phprojekt-upload-read-files(8944)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8944"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2002-04-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The upload function in PHProjekt 2.0 through 3.1 does not properly verify certain variables related to uploaded data, which allows remote attackers to cause PHProjekt to process arbitrary files."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-11T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "4597",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/4597"
            },
            {
              "name": "20020424 PHProjekt multiple vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://archive.cert.uni-stuttgart.de/archive/bugtraq/2002/04/msg00361.html"
            },
            {
              "name": "phprojekt-upload-read-files(8944)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8944"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2002-1759",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The upload function in PHProjekt 2.0 through 3.1 does not properly verify certain variables related to uploaded data, which allows remote attackers to cause PHProjekt to process arbitrary files."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "4597",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/4597"
                },
                {
                  "name": "20020424 PHProjekt multiple vulnerabilities",
                  "refsource": "BUGTRAQ",
                  "url": "http://archive.cert.uni-stuttgart.de/archive/bugtraq/2002/04/msg00361.html"
                },
                {
                  "name": "phprojekt-upload-read-files(8944)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8944"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2002-1759",
        "datePublished": "2005-06-21T04:00:00.000Z",
        "dateReserved": "2005-06-21T00:00:00.000Z",
        "dateUpdated": "2024-08-08T03:34:56.272Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2002-1758 (GCVE-0-2002-1758)

    Vulnerability from nvd – Published: 2005-06-21 04:00 – Updated: 2024-08-08 03:34
    VLAI
    Summary
    PHProjekt 2.0 through 3.1 allows remote attackers to view or modify data via requests to certain scripts that do not verify if the user is logged in.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://online.securityfocus.com/archive/1/269407 mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/bid/4599 vdb-entryx_refsource_BID
    Date Public
    2002-04-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T03:34:56.203Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "phprojekt-unauth-script-access(8943)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8943"
              },
              {
                "name": "20020424 PHProjekt multiple vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://online.securityfocus.com/archive/1/269407"
              },
              {
                "name": "4599",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/4599"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2002-04-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "PHProjekt 2.0 through 3.1 allows remote attackers to view or modify data via requests to certain scripts that do not verify if the user is logged in."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "phprojekt-unauth-script-access(8943)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8943"
            },
            {
              "name": "20020424 PHProjekt multiple vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://online.securityfocus.com/archive/1/269407"
            },
            {
              "name": "4599",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/4599"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2002-1758",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "PHProjekt 2.0 through 3.1 allows remote attackers to view or modify data via requests to certain scripts that do not verify if the user is logged in."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "phprojekt-unauth-script-access(8943)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8943"
                },
                {
                  "name": "20020424 PHProjekt multiple vulnerabilities",
                  "refsource": "BUGTRAQ",
                  "url": "http://online.securityfocus.com/archive/1/269407"
                },
                {
                  "name": "4599",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/4599"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2002-1758",
        "datePublished": "2005-06-21T04:00:00.000Z",
        "dateReserved": "2005-06-21T00:00:00.000Z",
        "dateUpdated": "2024-08-08T03:34:56.203Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2002-1760 (GCVE-0-2002-1760)

    Vulnerability from nvd – Published: 2005-06-21 04:00 – Updated: 2024-08-08 03:34
    VLAI
    Summary
    Multiple SQL injection vulnerabilities in PHProjekt 2.0 through 3.1 allow remote attackers to execute arbitrary SQL commands via the unknown attack vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://archive.cert.uni-stuttgart.de/archive/bugt… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/bid/4598 vdb-entryx_refsource_BID
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    Date Public
    2002-04-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T03:34:56.343Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20020424 PHProjekt multiple vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://archive.cert.uni-stuttgart.de/archive/bugtraq/2002/04/msg00361.html"
              },
              {
                "name": "4598",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/4598"
              },
              {
                "name": "phprojekt-sql-injection(8945)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8945"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2002-04-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple SQL injection vulnerabilities in PHProjekt 2.0 through 3.1 allow remote attackers to execute arbitrary SQL commands via the unknown attack vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20020424 PHProjekt multiple vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://archive.cert.uni-stuttgart.de/archive/bugtraq/2002/04/msg00361.html"
            },
            {
              "name": "4598",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/4598"
            },
            {
              "name": "phprojekt-sql-injection(8945)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8945"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2002-1760",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple SQL injection vulnerabilities in PHProjekt 2.0 through 3.1 allow remote attackers to execute arbitrary SQL commands via the unknown attack vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20020424 PHProjekt multiple vulnerabilities",
                  "refsource": "BUGTRAQ",
                  "url": "http://archive.cert.uni-stuttgart.de/archive/bugtraq/2002/04/msg00361.html"
                },
                {
                  "name": "4598",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/4598"
                },
                {
                  "name": "phprojekt-sql-injection(8945)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8945"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2002-1760",
        "datePublished": "2005-06-21T04:00:00.000Z",
        "dateReserved": "2005-06-21T00:00:00.000Z",
        "dateUpdated": "2024-08-08T03:34:56.343Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2002-1761 (GCVE-0-2002-1761)

    Vulnerability from nvd – Published: 2005-06-21 04:00 – Updated: 2024-09-17 03:13
    VLAI
    Summary
    Directory traversal vulnerability in PHProjekt 2.0 through 3.1 allows remote attackers to read arbitrary files via .. (dot dot) sequences.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.derkeiler.com/Mailing-Lists/securityfo… mailing-listx_refsource_BUGTRAQ
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T03:34:56.140Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20020424 PHProjekt multiple vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2002-04/0362.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in PHProjekt 2.0 through 3.1 allows remote attackers to read arbitrary files via .. (dot dot) sequences."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2005-06-21T04:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20020424 PHProjekt multiple vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2002-04/0362.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2002-1761",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Directory traversal vulnerability in PHProjekt 2.0 through 3.1 allows remote attackers to read arbitrary files via .. (dot dot) sequences."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20020424 PHProjekt multiple vulnerabilities",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2002-04/0362.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2002-1761",
        "datePublished": "2005-06-21T04:00:00.000Z",
        "dateReserved": "2005-06-21T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:13:33.979Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2001-0648 (GCVE-0-2001-0648)

    Vulnerability from nvd – Published: 2002-03-09 05:00 – Updated: 2024-08-08 04:30
    VLAI
    Summary
    Directory traversal vulnerability in PHProjekt 2.1 and earlier allows a remote attacker to conduct unauthorized activities via a dot dot (..) attack on the file module.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/archive/1/184215 mailing-listx_refsource_BUGTRAQ
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/bid/2702 vdb-entryx_refsource_BID
    Date Public
    2001-05-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T04:30:06.078Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20010508 security hole in os groupware suite PHProjekt",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/184215"
              },
              {
                "name": "phprojekt-dot-directory-traversal(6522)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6522"
              },
              {
                "name": "2702",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/2702"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2001-05-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in PHProjekt 2.1 and earlier allows a remote attacker to conduct unauthorized activities via a dot dot (..) attack on the file module."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2002-02-11T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20010508 security hole in os groupware suite PHProjekt",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/184215"
            },
            {
              "name": "phprojekt-dot-directory-traversal(6522)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6522"
            },
            {
              "name": "2702",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/2702"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2001-0648",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Directory traversal vulnerability in PHProjekt 2.1 and earlier allows a remote attacker to conduct unauthorized activities via a dot dot (..) attack on the file module."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20010508 security hole in os groupware suite PHProjekt",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/184215"
                },
                {
                  "name": "phprojekt-dot-directory-traversal(6522)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6522"
                },
                {
                  "name": "2702",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/2702"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2001-0648",
        "datePublished": "2002-03-09T05:00:00.000Z",
        "dateReserved": "2001-08-06T00:00:00.000Z",
        "dateUpdated": "2024-08-08T04:30:06.078Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-3786 (GCVE-0-2011-3786)

    Vulnerability from cvelistv5 – Published: 2011-09-24 00:00 – Updated: 2024-09-17 03:38
    VLAI
    Summary
    PHProjekt 6.0.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by Setup/Controllers/IndexController.php.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T23:46:02.979Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/phprojekt-6.0.5"
              },
              {
                "name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "PHProjekt 6.0.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by Setup/Controllers/IndexController.php."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2011-09-24T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/phprojekt-6.0.5"
            },
            {
              "name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2011-3786",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "PHProjekt 6.0.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by Setup/Controllers/IndexController.php."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/phprojekt-6.0.5",
                  "refsource": "MISC",
                  "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/phprojekt-6.0.5"
                },
                {
                  "name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
                },
                {
                  "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README",
                  "refsource": "MISC",
                  "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2011-3786",
        "datePublished": "2011-09-24T00:00:00.000Z",
        "dateReserved": "2011-09-23T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:38:58.338Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2004-2740 (GCVE-0-2004-2740)

    Vulnerability from cvelistv5 – Published: 2007-10-09 10:00 – Updated: 2024-08-08 01:36
    VLAI
    Summary
    PHP remote file inclusion vulnerability in authform.inc.php in PHProjekt 4.2.3 and earlier allows remote attackers to include arbitrary PHP code via a URL in the path_pre parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.gentoo.org/security/en/glsa/glsa-20041… vendor-advisoryx_refsource_GENTOO
    http://secunia.com/advisories/13660 third-party-advisoryx_refsource_SECUNIA
    http://www.osvdb.org/12613 vdb-entryx_refsource_OSVDB
    http://www.securityfocus.com/bid/12116 vdb-entryx_refsource_BID
    http://securitytracker.com/id?1012708 vdb-entryx_refsource_SECTRACK
    http://www.phprojekt.com/modules.php?op=modload&n… x_refsource_CONFIRM
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    Date Public
    2004-12-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T01:36:25.375Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "GLSA-200412-27",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://www.gentoo.org/security/en/glsa/glsa-200412-27.xml"
              },
              {
                "name": "13660",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/13660"
              },
              {
                "name": "12613",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/12613"
              },
              {
                "name": "12116",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/12116"
              },
              {
                "name": "1012708",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1012708"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.phprojekt.com/modules.php?op=modload\u0026name=News\u0026file=article\u0026sid=193"
              },
              {
                "name": "phprojekt-pathpre-file-include(18683)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18683"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2004-12-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "PHP remote file inclusion vulnerability in authform.inc.php in PHProjekt 4.2.3 and earlier allows remote attackers to include arbitrary PHP code via a URL in the path_pre parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "GLSA-200412-27",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200412-27.xml"
            },
            {
              "name": "13660",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/13660"
            },
            {
              "name": "12613",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/12613"
            },
            {
              "name": "12116",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/12116"
            },
            {
              "name": "1012708",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1012708"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.phprojekt.com/modules.php?op=modload\u0026name=News\u0026file=article\u0026sid=193"
            },
            {
              "name": "phprojekt-pathpre-file-include(18683)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18683"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2004-2740",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "PHP remote file inclusion vulnerability in authform.inc.php in PHProjekt 4.2.3 and earlier allows remote attackers to include arbitrary PHP code via a URL in the path_pre parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "GLSA-200412-27",
                  "refsource": "GENTOO",
                  "url": "http://www.gentoo.org/security/en/glsa/glsa-200412-27.xml"
                },
                {
                  "name": "13660",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/13660"
                },
                {
                  "name": "12613",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/12613"
                },
                {
                  "name": "12116",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/12116"
                },
                {
                  "name": "1012708",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1012708"
                },
                {
                  "name": "http://www.phprojekt.com/modules.php?op=modload\u0026name=News\u0026file=article\u0026sid=193",
                  "refsource": "CONFIRM",
                  "url": "http://www.phprojekt.com/modules.php?op=modload\u0026name=News\u0026file=article\u0026sid=193"
                },
                {
                  "name": "phprojekt-pathpre-file-include(18683)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18683"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2004-2740",
        "datePublished": "2007-10-09T10:00:00.000Z",
        "dateReserved": "2007-10-08T00:00:00.000Z",
        "dateUpdated": "2024-08-08T01:36:25.375Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2004-2739 (GCVE-0-2004-2739)

    Vulnerability from cvelistv5 – Published: 2007-10-09 10:00 – Updated: 2024-08-08 01:36
    VLAI
    Summary
    The setup routine (setup.php) in PHProjekt 4.2.1 and earlier allows remote attackers to modify system configuration via unknown attack vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/bid/11797 vdb-entryx_refsource_BID
    http://www.gentoo.org/security/en/glsa/glsa-20041… vendor-advisoryx_refsource_GENTOO
    http://www.novell.com/linux/security/advisories/2… vendor-advisoryx_refsource_SUSE
    http://securitytracker.com/id?1012369 vdb-entryx_refsource_SECTRACK
    http://secunia.com/advisories/13355 third-party-advisoryx_refsource_SECUNIA
    http://www.osvdb.org/12174 vdb-entryx_refsource_OSVDB
    http://www.phprojekt.com/modules.php?op=modload&n… x_refsource_CONFIRM
    Date Public
    2004-12-01 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T01:36:25.297Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "phprojekt-setup-command-execution(18320)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18320"
              },
              {
                "name": "11797",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/11797"
              },
              {
                "name": "GLSA-200412-06",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://www.gentoo.org/security/en/glsa/glsa-200412-06.xml"
              },
              {
                "name": "SuSE-SR:2004:004",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://www.novell.com/linux/security/advisories/2004_04_sr.html"
              },
              {
                "name": "1012369",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1012369"
              },
              {
                "name": "13355",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/13355"
              },
              {
                "name": "12174",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/12174"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.phprojekt.com/modules.php?op=modload\u0026name=News\u0026file=article\u0026sid=189\u0026mode=thread\u0026order=0"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2004-12-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The setup routine (setup.php) in PHProjekt 4.2.1 and earlier allows remote attackers to modify system configuration via unknown attack vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "phprojekt-setup-command-execution(18320)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18320"
            },
            {
              "name": "11797",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/11797"
            },
            {
              "name": "GLSA-200412-06",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200412-06.xml"
            },
            {
              "name": "SuSE-SR:2004:004",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://www.novell.com/linux/security/advisories/2004_04_sr.html"
            },
            {
              "name": "1012369",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1012369"
            },
            {
              "name": "13355",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/13355"
            },
            {
              "name": "12174",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/12174"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.phprojekt.com/modules.php?op=modload\u0026name=News\u0026file=article\u0026sid=189\u0026mode=thread\u0026order=0"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2004-2739",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The setup routine (setup.php) in PHProjekt 4.2.1 and earlier allows remote attackers to modify system configuration via unknown attack vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "phprojekt-setup-command-execution(18320)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18320"
                },
                {
                  "name": "11797",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/11797"
                },
                {
                  "name": "GLSA-200412-06",
                  "refsource": "GENTOO",
                  "url": "http://www.gentoo.org/security/en/glsa/glsa-200412-06.xml"
                },
                {
                  "name": "SuSE-SR:2004:004",
                  "refsource": "SUSE",
                  "url": "http://www.novell.com/linux/security/advisories/2004_04_sr.html"
                },
                {
                  "name": "1012369",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1012369"
                },
                {
                  "name": "13355",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/13355"
                },
                {
                  "name": "12174",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/12174"
                },
                {
                  "name": "http://www.phprojekt.com/modules.php?op=modload\u0026name=News\u0026file=article\u0026sid=189\u0026mode=thread\u0026order=0",
                  "refsource": "CONFIRM",
                  "url": "http://www.phprojekt.com/modules.php?op=modload\u0026name=News\u0026file=article\u0026sid=189\u0026mode=thread\u0026order=0"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2004-2739",
        "datePublished": "2007-10-09T10:00:00.000Z",
        "dateReserved": "2007-10-08T00:00:00.000Z",
        "dateUpdated": "2024-08-08T01:36:25.297Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-1575 (GCVE-0-2007-1575)

    Vulnerability from cvelistv5 – Published: 2007-03-21 21:00 – Updated: 2024-08-07 12:59
    VLAI
    Summary
    Multiple SQL injection vulnerabilities in PHProjekt 5.2.0, when magic_quotes_gpc is disabled, allow remote authenticated users to execute arbitrary SQL commands via (1) unspecified vectors to the (a) calendar and (2) search modules, and an (2) unspecified cookie when the user logs out.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/archive/1/462789/100… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/bid/22955 vdb-entryx_refsource_BID
    http://secunia.com/advisories/24509 third-party-advisoryx_refsource_SECUNIA
    http://www.phprojekt.com/index.php?name=News&file… x_refsource_CONFIRM
    http://www.nruns.com/security_advisory_phprojekt_… x_refsource_MISC
    http://security.gentoo.org/glsa/glsa-200706-07.xml vendor-advisoryx_refsource_GENTOO
    http://securityreason.com/securityalert/2466 third-party-advisoryx_refsource_SREASON
    http://secunia.com/advisories/25748 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2007-03-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T12:59:08.801Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20070314 n.runs-SA-2007.003 - PHProjekt 5.2.0 - SQL Injection",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/462789/100/0/threaded"
              },
              {
                "name": "22955",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/22955"
              },
              {
                "name": "24509",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24509"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.phprojekt.com/index.php?name=News\u0026file=article\u0026sid=276"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.nruns.com/security_advisory_phprojekt_sql_injection.php"
              },
              {
                "name": "GLSA-200706-07",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200706-07.xml"
              },
              {
                "name": "2466",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/2466"
              },
              {
                "name": "25748",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25748"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-03-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple SQL injection vulnerabilities in PHProjekt 5.2.0, when magic_quotes_gpc is disabled, allow remote authenticated users to execute arbitrary SQL commands via (1) unspecified vectors to the (a) calendar and (2) search modules, and an (2) unspecified cookie when the user logs out."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20070314 n.runs-SA-2007.003 - PHProjekt 5.2.0 - SQL Injection",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/462789/100/0/threaded"
            },
            {
              "name": "22955",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/22955"
            },
            {
              "name": "24509",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24509"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.phprojekt.com/index.php?name=News\u0026file=article\u0026sid=276"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.nruns.com/security_advisory_phprojekt_sql_injection.php"
            },
            {
              "name": "GLSA-200706-07",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200706-07.xml"
            },
            {
              "name": "2466",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/2466"
            },
            {
              "name": "25748",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25748"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-1575",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple SQL injection vulnerabilities in PHProjekt 5.2.0, when magic_quotes_gpc is disabled, allow remote authenticated users to execute arbitrary SQL commands via (1) unspecified vectors to the (a) calendar and (2) search modules, and an (2) unspecified cookie when the user logs out."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20070314 n.runs-SA-2007.003 - PHProjekt 5.2.0 - SQL Injection",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/462789/100/0/threaded"
                },
                {
                  "name": "22955",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/22955"
                },
                {
                  "name": "24509",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24509"
                },
                {
                  "name": "http://www.phprojekt.com/index.php?name=News\u0026file=article\u0026sid=276",
                  "refsource": "CONFIRM",
                  "url": "http://www.phprojekt.com/index.php?name=News\u0026file=article\u0026sid=276"
                },
                {
                  "name": "http://www.nruns.com/security_advisory_phprojekt_sql_injection.php",
                  "refsource": "MISC",
                  "url": "http://www.nruns.com/security_advisory_phprojekt_sql_injection.php"
                },
                {
                  "name": "GLSA-200706-07",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200706-07.xml"
                },
                {
                  "name": "2466",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/2466"
                },
                {
                  "name": "25748",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/25748"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-1575",
        "datePublished": "2007-03-21T21:00:00.000Z",
        "dateReserved": "2007-03-21T00:00:00.000Z",
        "dateUpdated": "2024-08-07T12:59:08.801Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-1576 (GCVE-0-2007-1576)

    Vulnerability from cvelistv5 – Published: 2007-03-21 21:00 – Updated: 2024-08-07 12:59
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in PHProjekt 5.2.0, when magic_quotes_gpc is disabled, allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors to the (1) Projects, (2) Contacts, (3) Helpdesk, (4) Search (only Gecko engine driven Browsers), and (5) Notes modules; the (6) Mail summary page; and unspecified other files.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://osvdb.org/34064 vdb-entryx_refsource_OSVDB
    http://osvdb.org/34068 vdb-entryx_refsource_OSVDB
    http://www.securityfocus.com/archive/1/462788/100… mailing-listx_refsource_BUGTRAQ
    http://osvdb.org/34065 vdb-entryx_refsource_OSVDB
    http://osvdb.org/34066 vdb-entryx_refsource_OSVDB
    http://osvdb.org/34067 vdb-entryx_refsource_OSVDB
    http://osvdb.org/34069 vdb-entryx_refsource_OSVDB
    http://secunia.com/advisories/24509 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/22957 vdb-entryx_refsource_BID
    http://www.phprojekt.com/index.php?name=News&file… x_refsource_CONFIRM
    http://security.gentoo.org/glsa/glsa-200706-07.xml vendor-advisoryx_refsource_GENTOO
    http://www.nruns.de/security_advisory_phprojekt_x… x_refsource_MISC
    http://securityreason.com/securityalert/2459 third-party-advisoryx_refsource_SREASON
    http://secunia.com/advisories/25748 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2007-03-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T12:59:08.735Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "34064",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/34064"
              },
              {
                "name": "34068",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/34068"
              },
              {
                "name": "20070314 n.runs-SA-2007.004 - PHProjekt 5.2.0 - Cross Site Scripting and Filter Evasion",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/462788/100/0/threaded"
              },
              {
                "name": "34065",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/34065"
              },
              {
                "name": "34066",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/34066"
              },
              {
                "name": "34067",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/34067"
              },
              {
                "name": "34069",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/34069"
              },
              {
                "name": "24509",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24509"
              },
              {
                "name": "22957",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/22957"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.phprojekt.com/index.php?name=News\u0026file=article\u0026sid=276"
              },
              {
                "name": "GLSA-200706-07",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200706-07.xml"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.nruns.de/security_advisory_phprojekt_xss_and_filter_evasion.php"
              },
              {
                "name": "2459",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/2459"
              },
              {
                "name": "25748",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25748"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-03-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in PHProjekt 5.2.0, when magic_quotes_gpc is disabled, allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors to the (1) Projects, (2) Contacts, (3) Helpdesk, (4) Search (only Gecko engine driven Browsers), and (5) Notes modules; the (6) Mail summary page; and unspecified other files."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "34064",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/34064"
            },
            {
              "name": "34068",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/34068"
            },
            {
              "name": "20070314 n.runs-SA-2007.004 - PHProjekt 5.2.0 - Cross Site Scripting and Filter Evasion",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/462788/100/0/threaded"
            },
            {
              "name": "34065",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/34065"
            },
            {
              "name": "34066",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/34066"
            },
            {
              "name": "34067",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/34067"
            },
            {
              "name": "34069",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/34069"
            },
            {
              "name": "24509",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24509"
            },
            {
              "name": "22957",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/22957"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.phprojekt.com/index.php?name=News\u0026file=article\u0026sid=276"
            },
            {
              "name": "GLSA-200706-07",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200706-07.xml"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.nruns.de/security_advisory_phprojekt_xss_and_filter_evasion.php"
            },
            {
              "name": "2459",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/2459"
            },
            {
              "name": "25748",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25748"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-1576",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site scripting (XSS) vulnerabilities in PHProjekt 5.2.0, when magic_quotes_gpc is disabled, allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors to the (1) Projects, (2) Contacts, (3) Helpdesk, (4) Search (only Gecko engine driven Browsers), and (5) Notes modules; the (6) Mail summary page; and unspecified other files."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "34064",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/34064"
                },
                {
                  "name": "34068",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/34068"
                },
                {
                  "name": "20070314 n.runs-SA-2007.004 - PHProjekt 5.2.0 - Cross Site Scripting and Filter Evasion",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/462788/100/0/threaded"
                },
                {
                  "name": "34065",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/34065"
                },
                {
                  "name": "34066",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/34066"
                },
                {
                  "name": "34067",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/34067"
                },
                {
                  "name": "34069",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/34069"
                },
                {
                  "name": "24509",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24509"
                },
                {
                  "name": "22957",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/22957"
                },
                {
                  "name": "http://www.phprojekt.com/index.php?name=News\u0026file=article\u0026sid=276",
                  "refsource": "CONFIRM",
                  "url": "http://www.phprojekt.com/index.php?name=News\u0026file=article\u0026sid=276"
                },
                {
                  "name": "GLSA-200706-07",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200706-07.xml"
                },
                {
                  "name": "http://www.nruns.de/security_advisory_phprojekt_xss_and_filter_evasion.php",
                  "refsource": "MISC",
                  "url": "http://www.nruns.de/security_advisory_phprojekt_xss_and_filter_evasion.php"
                },
                {
                  "name": "2459",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/2459"
                },
                {
                  "name": "25748",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/25748"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-1576",
        "datePublished": "2007-03-21T21:00:00.000Z",
        "dateReserved": "2007-03-21T00:00:00.000Z",
        "dateUpdated": "2024-08-07T12:59:08.735Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-5123 (GCVE-0-2006-5123)

    Vulnerability from cvelistv5 – Published: 2006-10-02 20:00 – Updated: 2024-08-07 19:41
    VLAI
    Summary
    Multiple PHP remote file inclusion vulnerabilities in Albrecht Guenther PHProjekt 5.1.x before 5.1.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) lib_path or (2) lang_path parameter in unspecified files, related to code changes intended to fix inclusion, a different vulnerability than CVE-2002-0451, CVE-2006-4204, and CVE-2006-4609.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/22167 third-party-advisoryx_refsource_SECUNIA
    http://www.osvdb.org/29290 vdb-entryx_refsource_OSVDB
    http://www.hardened-php.net/advisory_062006.129.html x_refsource_MISC
    http://www.securityfocus.com/bid/20268 vdb-entryx_refsource_BID
    http://www.securityfocus.com/archive/1/447360/100… mailing-listx_refsource_BUGTRAQ
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.vupen.com/english/advisories/2006/3845 vdb-entryx_refsource_VUPEN
    http://www.phprojekt.com/modules.php?op=modload&n… x_refsource_CONFIRM
    http://securityreason.com/securityalert/1672 third-party-advisoryx_refsource_SREASON
    Date Public
    2006-09-29 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T19:41:05.155Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "22167",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/22167"
              },
              {
                "name": "29290",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/29290"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.hardened-php.net/advisory_062006.129.html"
              },
              {
                "name": "20268",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/20268"
              },
              {
                "name": "20060929 Advisory 06/2006: PHProjekt (Remote) Include Vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/447360/100/0/threaded"
              },
              {
                "name": "phprojekt-unspecified-file-include(29262)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29262"
              },
              {
                "name": "ADV-2006-3845",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/3845"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.phprojekt.com/modules.php?op=modload\u0026name=News\u0026file=article\u0026sid=259"
              },
              {
                "name": "1672",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/1672"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-09-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple PHP remote file inclusion vulnerabilities in Albrecht Guenther PHProjekt 5.1.x before 5.1.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) lib_path or (2) lang_path parameter in unspecified files, related to code changes intended to fix inclusion, a different vulnerability than CVE-2002-0451, CVE-2006-4204, and CVE-2006-4609."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-17T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "22167",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/22167"
            },
            {
              "name": "29290",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/29290"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.hardened-php.net/advisory_062006.129.html"
            },
            {
              "name": "20268",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/20268"
            },
            {
              "name": "20060929 Advisory 06/2006: PHProjekt (Remote) Include Vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/447360/100/0/threaded"
            },
            {
              "name": "phprojekt-unspecified-file-include(29262)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29262"
            },
            {
              "name": "ADV-2006-3845",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/3845"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.phprojekt.com/modules.php?op=modload\u0026name=News\u0026file=article\u0026sid=259"
            },
            {
              "name": "1672",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/1672"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-5123",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple PHP remote file inclusion vulnerabilities in Albrecht Guenther PHProjekt 5.1.x before 5.1.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) lib_path or (2) lang_path parameter in unspecified files, related to code changes intended to fix inclusion, a different vulnerability than CVE-2002-0451, CVE-2006-4204, and CVE-2006-4609."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "22167",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/22167"
                },
                {
                  "name": "29290",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/29290"
                },
                {
                  "name": "http://www.hardened-php.net/advisory_062006.129.html",
                  "refsource": "MISC",
                  "url": "http://www.hardened-php.net/advisory_062006.129.html"
                },
                {
                  "name": "20268",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/20268"
                },
                {
                  "name": "20060929 Advisory 06/2006: PHProjekt (Remote) Include Vulnerabilities",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/447360/100/0/threaded"
                },
                {
                  "name": "phprojekt-unspecified-file-include(29262)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29262"
                },
                {
                  "name": "ADV-2006-3845",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/3845"
                },
                {
                  "name": "http://www.phprojekt.com/modules.php?op=modload\u0026name=News\u0026file=article\u0026sid=259",
                  "refsource": "CONFIRM",
                  "url": "http://www.phprojekt.com/modules.php?op=modload\u0026name=News\u0026file=article\u0026sid=259"
                },
                {
                  "name": "1672",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/1672"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-5123",
        "datePublished": "2006-10-02T20:00:00.000Z",
        "dateReserved": "2006-10-02T00:00:00.000Z",
        "dateUpdated": "2024-08-07T19:41:05.155Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-4204 (GCVE-0-2006-4204)

    Vulnerability from cvelistv5 – Published: 2006-08-17 21:00 – Updated: 2024-08-07 18:57
    VLAI
    Summary
    Multiple PHP remote file inclusion vulnerabilities in PHProjekt 5.1 and possibly earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) path_pre parameter in lib/specialdays.php and the (2) lib_path parameter in lib/dbman_filter.inc.php.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/21526 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/19541 vdb-entryx_refsource_BID
    http://phprojekt.com/modules.php?op=modload&name=… x_refsource_CONFIRM
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    https://www.exploit-db.com/exploits/2190 exploitx_refsource_EXPLOIT-DB
    http://www.vupen.com/english/advisories/2006/3284 vdb-entryx_refsource_VUPEN
    Date Public
    2006-08-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T18:57:46.444Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "21526",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/21526"
              },
              {
                "name": "19541",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/19541"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://phprojekt.com/modules.php?op=modload\u0026name=News\u0026file=article\u0026sid=257\u0026mode=thread\u0026order=0"
              },
              {
                "name": "phprojekt-libpath-file-include(28560)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28560"
              },
              {
                "name": "2190",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/2190"
              },
              {
                "name": "ADV-2006-3284",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/3284"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-08-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple PHP remote file inclusion vulnerabilities in PHProjekt 5.1 and possibly earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) path_pre parameter in lib/specialdays.php and the (2) lib_path parameter in lib/dbman_filter.inc.php."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-18T16:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "21526",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/21526"
            },
            {
              "name": "19541",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/19541"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://phprojekt.com/modules.php?op=modload\u0026name=News\u0026file=article\u0026sid=257\u0026mode=thread\u0026order=0"
            },
            {
              "name": "phprojekt-libpath-file-include(28560)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28560"
            },
            {
              "name": "2190",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/2190"
            },
            {
              "name": "ADV-2006-3284",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/3284"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-4204",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple PHP remote file inclusion vulnerabilities in PHProjekt 5.1 and possibly earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) path_pre parameter in lib/specialdays.php and the (2) lib_path parameter in lib/dbman_filter.inc.php."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "21526",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/21526"
                },
                {
                  "name": "19541",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/19541"
                },
                {
                  "name": "http://phprojekt.com/modules.php?op=modload\u0026name=News\u0026file=article\u0026sid=257\u0026mode=thread\u0026order=0",
                  "refsource": "CONFIRM",
                  "url": "http://phprojekt.com/modules.php?op=modload\u0026name=News\u0026file=article\u0026sid=257\u0026mode=thread\u0026order=0"
                },
                {
                  "name": "phprojekt-libpath-file-include(28560)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28560"
                },
                {
                  "name": "2190",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/2190"
                },
                {
                  "name": "ADV-2006-3284",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/3284"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-4204",
        "datePublished": "2006-08-17T21:00:00.000Z",
        "dateReserved": "2006-08-17T00:00:00.000Z",
        "dateUpdated": "2024-08-07T18:57:46.444Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2002-1757 (GCVE-0-2002-1757)

    Vulnerability from cvelistv5 – Published: 2005-06-21 04:00 – Updated: 2024-08-08 03:34
    VLAI
    Summary
    PHProjekt 2.0 through 3.1 relies on the $PHP_SELF variable for authentication, which allows remote attackers to bypass authentication for scripts via a request to a .php file with "sms" in the URL, which is included in the PATH_INFO portion of the $PHP_SELF variable, as demonstrated using "mail_send.php/sms".
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/4596 vdb-entryx_refsource_BID
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://online.securityfocus.com/archive/1/269407 mailing-listx_refsource_BUGTRAQ
    Date Public
    2002-04-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T03:34:56.218Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "4596",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/4596"
              },
              {
                "name": "phprojekt-unauth-script-access(8943)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8943"
              },
              {
                "name": "20020424 PHProjekt multiple vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://online.securityfocus.com/archive/1/269407"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2002-04-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "PHProjekt 2.0 through 3.1 relies on the $PHP_SELF variable for authentication, which allows remote attackers to bypass authentication for scripts via a request to a .php file with \"sms\" in the URL, which is included in the PATH_INFO portion of the $PHP_SELF variable, as demonstrated using \"mail_send.php/sms\"."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "4596",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/4596"
            },
            {
              "name": "phprojekt-unauth-script-access(8943)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8943"
            },
            {
              "name": "20020424 PHProjekt multiple vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://online.securityfocus.com/archive/1/269407"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2002-1757",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "PHProjekt 2.0 through 3.1 relies on the $PHP_SELF variable for authentication, which allows remote attackers to bypass authentication for scripts via a request to a .php file with \"sms\" in the URL, which is included in the PATH_INFO portion of the $PHP_SELF variable, as demonstrated using \"mail_send.php/sms\"."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "4596",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/4596"
                },
                {
                  "name": "phprojekt-unauth-script-access(8943)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8943"
                },
                {
                  "name": "20020424 PHProjekt multiple vulnerabilities",
                  "refsource": "BUGTRAQ",
                  "url": "http://online.securityfocus.com/archive/1/269407"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2002-1757",
        "datePublished": "2005-06-21T04:00:00.000Z",
        "dateReserved": "2005-06-21T00:00:00.000Z",
        "dateUpdated": "2024-08-08T03:34:56.218Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2002-1759 (GCVE-0-2002-1759)

    Vulnerability from cvelistv5 – Published: 2005-06-21 04:00 – Updated: 2024-08-08 03:34
    VLAI
    Summary
    The upload function in PHProjekt 2.0 through 3.1 does not properly verify certain variables related to uploaded data, which allows remote attackers to cause PHProjekt to process arbitrary files.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/4597 vdb-entryx_refsource_BID
    http://archive.cert.uni-stuttgart.de/archive/bugt… mailing-listx_refsource_BUGTRAQ
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    Date Public
    2002-04-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T03:34:56.272Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "4597",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/4597"
              },
              {
                "name": "20020424 PHProjekt multiple vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://archive.cert.uni-stuttgart.de/archive/bugtraq/2002/04/msg00361.html"
              },
              {
                "name": "phprojekt-upload-read-files(8944)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8944"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2002-04-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The upload function in PHProjekt 2.0 through 3.1 does not properly verify certain variables related to uploaded data, which allows remote attackers to cause PHProjekt to process arbitrary files."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-11T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "4597",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/4597"
            },
            {
              "name": "20020424 PHProjekt multiple vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://archive.cert.uni-stuttgart.de/archive/bugtraq/2002/04/msg00361.html"
            },
            {
              "name": "phprojekt-upload-read-files(8944)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8944"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2002-1759",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The upload function in PHProjekt 2.0 through 3.1 does not properly verify certain variables related to uploaded data, which allows remote attackers to cause PHProjekt to process arbitrary files."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "4597",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/4597"
                },
                {
                  "name": "20020424 PHProjekt multiple vulnerabilities",
                  "refsource": "BUGTRAQ",
                  "url": "http://archive.cert.uni-stuttgart.de/archive/bugtraq/2002/04/msg00361.html"
                },
                {
                  "name": "phprojekt-upload-read-files(8944)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8944"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2002-1759",
        "datePublished": "2005-06-21T04:00:00.000Z",
        "dateReserved": "2005-06-21T00:00:00.000Z",
        "dateUpdated": "2024-08-08T03:34:56.272Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2002-1758 (GCVE-0-2002-1758)

    Vulnerability from cvelistv5 – Published: 2005-06-21 04:00 – Updated: 2024-08-08 03:34
    VLAI
    Summary
    PHProjekt 2.0 through 3.1 allows remote attackers to view or modify data via requests to certain scripts that do not verify if the user is logged in.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://online.securityfocus.com/archive/1/269407 mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/bid/4599 vdb-entryx_refsource_BID
    Date Public
    2002-04-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T03:34:56.203Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "phprojekt-unauth-script-access(8943)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8943"
              },
              {
                "name": "20020424 PHProjekt multiple vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://online.securityfocus.com/archive/1/269407"
              },
              {
                "name": "4599",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/4599"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2002-04-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "PHProjekt 2.0 through 3.1 allows remote attackers to view or modify data via requests to certain scripts that do not verify if the user is logged in."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "phprojekt-unauth-script-access(8943)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8943"
            },
            {
              "name": "20020424 PHProjekt multiple vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://online.securityfocus.com/archive/1/269407"
            },
            {
              "name": "4599",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/4599"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2002-1758",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "PHProjekt 2.0 through 3.1 allows remote attackers to view or modify data via requests to certain scripts that do not verify if the user is logged in."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "phprojekt-unauth-script-access(8943)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8943"
                },
                {
                  "name": "20020424 PHProjekt multiple vulnerabilities",
                  "refsource": "BUGTRAQ",
                  "url": "http://online.securityfocus.com/archive/1/269407"
                },
                {
                  "name": "4599",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/4599"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2002-1758",
        "datePublished": "2005-06-21T04:00:00.000Z",
        "dateReserved": "2005-06-21T00:00:00.000Z",
        "dateUpdated": "2024-08-08T03:34:56.203Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2002-1760 (GCVE-0-2002-1760)

    Vulnerability from cvelistv5 – Published: 2005-06-21 04:00 – Updated: 2024-08-08 03:34
    VLAI
    Summary
    Multiple SQL injection vulnerabilities in PHProjekt 2.0 through 3.1 allow remote attackers to execute arbitrary SQL commands via the unknown attack vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://archive.cert.uni-stuttgart.de/archive/bugt… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/bid/4598 vdb-entryx_refsource_BID
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    Date Public
    2002-04-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T03:34:56.343Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20020424 PHProjekt multiple vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://archive.cert.uni-stuttgart.de/archive/bugtraq/2002/04/msg00361.html"
              },
              {
                "name": "4598",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/4598"
              },
              {
                "name": "phprojekt-sql-injection(8945)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8945"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2002-04-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple SQL injection vulnerabilities in PHProjekt 2.0 through 3.1 allow remote attackers to execute arbitrary SQL commands via the unknown attack vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20020424 PHProjekt multiple vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://archive.cert.uni-stuttgart.de/archive/bugtraq/2002/04/msg00361.html"
            },
            {
              "name": "4598",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/4598"
            },
            {
              "name": "phprojekt-sql-injection(8945)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8945"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2002-1760",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple SQL injection vulnerabilities in PHProjekt 2.0 through 3.1 allow remote attackers to execute arbitrary SQL commands via the unknown attack vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20020424 PHProjekt multiple vulnerabilities",
                  "refsource": "BUGTRAQ",
                  "url": "http://archive.cert.uni-stuttgart.de/archive/bugtraq/2002/04/msg00361.html"
                },
                {
                  "name": "4598",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/4598"
                },
                {
                  "name": "phprojekt-sql-injection(8945)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8945"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2002-1760",
        "datePublished": "2005-06-21T04:00:00.000Z",
        "dateReserved": "2005-06-21T00:00:00.000Z",
        "dateUpdated": "2024-08-08T03:34:56.343Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2002-1761 (GCVE-0-2002-1761)

    Vulnerability from cvelistv5 – Published: 2005-06-21 04:00 – Updated: 2024-09-17 03:13
    VLAI
    Summary
    Directory traversal vulnerability in PHProjekt 2.0 through 3.1 allows remote attackers to read arbitrary files via .. (dot dot) sequences.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.derkeiler.com/Mailing-Lists/securityfo… mailing-listx_refsource_BUGTRAQ
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T03:34:56.140Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20020424 PHProjekt multiple vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2002-04/0362.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in PHProjekt 2.0 through 3.1 allows remote attackers to read arbitrary files via .. (dot dot) sequences."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2005-06-21T04:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20020424 PHProjekt multiple vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2002-04/0362.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2002-1761",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Directory traversal vulnerability in PHProjekt 2.0 through 3.1 allows remote attackers to read arbitrary files via .. (dot dot) sequences."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20020424 PHProjekt multiple vulnerabilities",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2002-04/0362.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2002-1761",
        "datePublished": "2005-06-21T04:00:00.000Z",
        "dateReserved": "2005-06-21T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:13:33.979Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2005-1227 (GCVE-0-2005-1227)

    Vulnerability from cvelistv5 – Published: 2005-04-22 04:00 – Updated: 2024-08-07 21:44
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in PHProjekt 4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the chatroom text submission form.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/15039 third-party-advisoryx_refsource_SECUNIA
    http://www.osvdb.org/15720 vdb-entryx_refsource_OSVDB
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://marc.info/?l=bugtraq&m=111402374504496&w=2 mailing-listx_refsource_BUGTRAQ
    Date Public
    2005-04-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T21:44:05.370Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "15039",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/15039"
              },
              {
                "name": "15720",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/15720"
              },
              {
                "name": "phprojekt-url-tag-xss(20212)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20212"
              },
              {
                "name": "20050420 Secure Science Corporation Application Software Advisory 055",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=111402374504496\u0026w=2"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2005-04-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in PHProjekt 4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the chatroom text submission form."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "15039",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/15039"
            },
            {
              "name": "15720",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/15720"
            },
            {
              "name": "phprojekt-url-tag-xss(20212)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20212"
            },
            {
              "name": "20050420 Secure Science Corporation Application Software Advisory 055",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=111402374504496\u0026w=2"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2005-1227",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in PHProjekt 4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the chatroom text submission form."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "15039",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/15039"
                },
                {
                  "name": "15720",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/15720"
                },
                {
                  "name": "phprojekt-url-tag-xss(20212)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20212"
                },
                {
                  "name": "20050420 Secure Science Corporation Application Software Advisory 055",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=111402374504496\u0026w=2"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2005-1227",
        "datePublished": "2005-04-22T04:00:00.000Z",
        "dateReserved": "2005-04-22T00:00:00.000Z",
        "dateUpdated": "2024-08-07T21:44:05.370Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2001-0648 (GCVE-0-2001-0648)

    Vulnerability from cvelistv5 – Published: 2002-03-09 05:00 – Updated: 2024-08-08 04:30
    VLAI
    Summary
    Directory traversal vulnerability in PHProjekt 2.1 and earlier allows a remote attacker to conduct unauthorized activities via a dot dot (..) attack on the file module.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/archive/1/184215 mailing-listx_refsource_BUGTRAQ
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/bid/2702 vdb-entryx_refsource_BID
    Date Public
    2001-05-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T04:30:06.078Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20010508 security hole in os groupware suite PHProjekt",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/184215"
              },
              {
                "name": "phprojekt-dot-directory-traversal(6522)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6522"
              },
              {
                "name": "2702",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/2702"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2001-05-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in PHProjekt 2.1 and earlier allows a remote attacker to conduct unauthorized activities via a dot dot (..) attack on the file module."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2002-02-11T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20010508 security hole in os groupware suite PHProjekt",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/184215"
            },
            {
              "name": "phprojekt-dot-directory-traversal(6522)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6522"
            },
            {
              "name": "2702",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/2702"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2001-0648",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Directory traversal vulnerability in PHProjekt 2.1 and earlier allows a remote attacker to conduct unauthorized activities via a dot dot (..) attack on the file module."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20010508 security hole in os groupware suite PHProjekt",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/184215"
                },
                {
                  "name": "phprojekt-dot-directory-traversal(6522)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6522"
                },
                {
                  "name": "2702",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/2702"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2001-0648",
        "datePublished": "2002-03-09T05:00:00.000Z",
        "dateReserved": "2001-08-06T00:00:00.000Z",
        "dateUpdated": "2024-08-08T04:30:06.078Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }