PHProjekt authform.inc.php path_pre Parameter Remote File Inclusion

The remote host is running PHProjekt, an open source groupware suite written in PHP. The version of PHProjekt installed on the remote host fails to sanitize user-supplied input to the 'pathpre' parameter of the 'lib/authform.inc.php' script before using it in a PHP 'includeonce' function. Provide...

PHProjekt: Remote code execution vulnerability

Background PHProjekt is a modular groupware web application used to coordinate group activities and share files. Description cYon discovered that the authform.inc.php script allows a remote user to define the global variable $pathpre. Impact A remote attacker can exploit this vulnerability to for...