Seven and half years and a lot of downloads later the development team decided that a complete makeover is necessary not only to include more Web 2.0 features but also to add new functions to one of the most popular Open Source Groupware based on PHP. [...] There are still some months left till PHProjekt 6 will be released but for the time being you can follow the progress in a developers' blog started recently.

The blog already has information on the upcoming version (PHProjekt 6) and a first part of a "what's new" series on additions to the project. PHProject is an open source groupware application providing tools like shared calendars, project management and file management.

While searching for applications that are vulnerable to a new class of vulnerabilities inside PHP applications we took a quick look into the current PHProjekt source code and discovered that a (remote) include vulnerability had been (re)introduced.

By overwriting a variable with user input it is possible to inject and execute arbitrary PHP code. Overwriting this variable is possible regardless of the register_globals setting.

They give a few more details further down the posting and note that users should download and install the latest version (at the time of this post, 5.1.2).