Phprojekt: >> Phprojekt Security Vulnerabilities
The upload function in PHProjekt 2.0 through 3.1 does not properly verify certain variables related to uploaded data, which allows remote attackers to cause PHProjekt to process arbitrary files.
CVSS Score
5.0
EPSS Score
0.004
Published
2002-12-31
Multiple SQL injection vulnerabilities in PHProjekt 2.0 through 3.1 allow remote attackers to execute arbitrary SQL commands via the unknown attack vectors.
CVSS Score
7.5
EPSS Score
0.005
Published
2002-12-31
Directory traversal vulnerability in PHProjekt 2.0 through 3.1 allows remote attackers to read arbitrary files via .. (dot dot) sequences.
CVSS Score
5.0
EPSS Score
0.002
Published
2002-12-31
Directory traversal vulnerability in PHProjekt 2.1 and earlier allows a remote attacker to conduct unauthorized activities via a dot dot (..) attack on the file module.
CVSS Score
5.0
EPSS Score
0.005
Published
2001-09-20
Page 2