Unrated severityNVD Advisory· Published Mar 23, 2007· Updated Apr 23, 2026

CVE-2007-1638

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in the check_csrftoken function in lib/lib.inc.php in PHProjekt 5.2.0, when magic_quotes_gpc is disabled, allow remote attackers to perform unauthorized actions as an arbitrary user via the (1) Projects, (2) Contacts, (3) Helpdesk, (4) Notes, (5) Search, (6) Mail, or (7) Filemanager module; the (9) summary page; or unspecified other files.

Affected products

Phprojekt/Phpprojekt
cpe:2.3:a:phpprojekt:phpprojekt:5.2.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/24509nvdPatchVendor Advisory
osvdb.org/35162nvd
secunia.com/advisories/25748nvd
security.gentoo.org/glsa/glsa-200706-07.xmlnvd
securityreason.com/securityalert/2477nvd
www.nruns.de/security_advisory_phprojekt_csrf.phpnvd
www.phprojekt.com/index.phpnvd
www.securityfocus.com/archive/1/462786/100/100/threadednvd
exchange.xforce.ibmcloud.com/vulnerabilities/32989nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000