15 matches found
EUVD-2020-3401
Malware in sbrugna...
CVE-2025-57768
Phproject is a high performance full-featured project management system. From 1.8.0 to before 1.8.3, a Stored Cross-Site Scripting XSS vulnerability exists in the Planned Hours field when creating a new project. When sending a POST request to /issues/new/, the value provided in the Planned Hours...
Phproject Cross-Site Scripting Vulnerability
Phproject is a project management system for Alan's personal developers. The system supports issue management, task management and dashboard features. A cross-site scripting vulnerability exists in versions of Phproject prior to 1.8.0 through 1.8.3, which stems from the presence of stored...
PT-2025-34267 · Phproject · Phproject
Name of the Vulnerable Software and Affected Versions: Phproject versions 1.8.0 through 1.8.2 Description: Phproject is a high performance full-featured project management system. A Stored Cross-Site Scripting XSS vulnerability exists in the Planned Hours field when creating a new project. A...
CVE-2020-11011
In Phproject before version 1.7.8, there's a vulnerability which allows users with access to file uploads to execute arbitrary code. This is patched in version 1.7.8...
Cross-site Scripting (XSS) - Stored in alanaktion/phproject
Description Stored Cross-Site Scripting XSS vulnerability due to the lack of content validation and output encoding. Then, the vulnerability can be triggered when the user previews the document's content. Proof of Concept login and navigate task Dependencies This task depends on: This task is a...
Open Redirect in alanaktion/phproject
✍️ Description open-redirect 🕵️♂️ Proof of Concept Below URL is vulnerable to open redirect after login. It will redirect user to any arbitrary site. http://localhost/phproject/login?to=http://example.com 💥 Impact Open redirect to any site...
Cross-Site Request Forgery (CSRF) in alanaktion/phproject
✍️ Description Attacker able to close any issue with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF attacks it...
Phproject Code Issues Vulnerabilities
Phproject is a project management system. The system supports features such as issue management, task management and dashboards. A code issue vulnerability exists in versions prior to Phproject 1.7.8. An attacker can exploit the vulnerability to execute arbitrary code...
CVE-2020-11011
In Phproject before version 1.7.8, there's a vulnerability which allows users with access to file uploads to execute arbitrary code. This is patched in version 1.7.8...
CVE-2020-11011
In Phproject before version 1.7.8, there's a vulnerability which allows users with access to file uploads to execute arbitrary code. This is patched in version 1.7.8...
Design/Logic Flaw
In Phproject before version 1.7.8, there's a vulnerability which allows users with access to file uploads to execute arbitrary code. This is patched in version 1.7.8...
CVE-2020-11011 RCE via file upload in Phproject
In Phproject before version 1.7.8, there's a vulnerability which allows users with access to file uploads to execute arbitrary code. This is patched in version 1.7.8...
CVE-2020-11011
CVE-2020-11011 affects Phproject before version 1.7.8. The vulnerability allows an attacker with access to the file upload functionality to execute arbitrary code on the server. The issue is mitigated by upgrading to version 1.7.8, which patches the flaw. The provided documents consistently descr...
Unauthorized access in PHProject
By changing the user identifier, it is possible to gain access to another user's data...