Vulnerability Description
PHProjekt before 2.4a allows remote attackers to perform actions as other PHProjekt users by modifying the ID number in an HTTP request to PHProjekt CGI programs.
CVSS Score
7.5
HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Phpprojekt | Phpprojekt | <= 2.4a |
References
- http://www.phprojekt.com/ChangeLogVendor Advisory
- http://www.securityfocus.com/archive/1/210349PatchVendor Advisory
- http://www.securityfocus.com/bid/3239PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7035
- http://www.phprojekt.com/ChangeLogVendor Advisory
- http://www.securityfocus.com/archive/1/210349PatchVendor Advisory
- http://www.securityfocus.com/bid/3239PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7035
FAQ
What is CVE-2001-0995?
CVE-2001-0995 is a vulnerability with a CVSS score of 7.5 (HIGH). PHProjekt before 2.4a allows remote attackers to perform actions as other PHProjekt users by modifying the ID number in an HTTP request to PHProjekt CGI programs.
How severe is CVE-2001-0995?
CVE-2001-0995 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2001-0995?
Check the references section above for vendor advisories and patch information. Affected products include: Phpprojekt Phpprojekt.