Unrated severityNVD Advisory· Published Mar 21, 2007· Updated Apr 23, 2026

CVE-2007-1575

Description

Multiple SQL injection vulnerabilities in PHProjekt 5.2.0, when magic_quotes_gpc is disabled, allow remote authenticated users to execute arbitrary SQL commands via (1) unspecified vectors to the (a) calendar and (2) search modules, and an (2) unspecified cookie when the user logs out.

Affected products

Phprojekt/Phprojekt4 versions
cpe:2.3:a:phprojekt:phprojekt:5.1:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:phprojekt:phprojekt:5.1:*:*:*:*:*:*:*
- cpe:2.3:a:phprojekt:phprojekt:5.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:phprojekt:phprojekt:5.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:phprojekt:phprojekt:5.2:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.phprojekt.com/index.phpnvdPatchVendor Advisory
www.nruns.com/security_advisory_phprojekt_sql_injection.phpnvdVendor Advisory
secunia.com/advisories/24509nvd
secunia.com/advisories/25748nvd
security.gentoo.org/glsa/glsa-200706-07.xmlnvd
securityreason.com/securityalert/2466nvd
www.securityfocus.com/archive/1/462789/100/0/threadednvd
www.securityfocus.com/bid/22955nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000