On the ThinkPHP blog today, Ute has posted about a developer blog that has been started up for PHProjekt:

Seven and half years and a lot of downloads later the development team decided that a complete makeover is necessary not only to include more Web 2.0 features but also to add new functions to one of the most popular Open Source Groupware based on PHP. [...] There are still some months left till PHProjekt 6 will be released but for the time being you can follow the progress in a developers' blog started recently.

The blog already has information on the upcoming version (PHProjekt 6) and a first part of a "what's new" series on additions to the project. PHProject is an open source groupware application providing tools like shared calendars, project management and file management.

The Hardened-PHP Project has released a new vulnerability for the PHProjekt groupware software.

While searching for applications that are vulnerable to a new class of vulnerabilities inside PHP applications we took a quick look into the current PHProjekt source code and discovered that a (remote) include vulnerability had been (re)introduced.

By overwriting a variable with user input it is possible to inject and execute arbitrary PHP code. Overwriting this variable is possible regardless of the register_globals setting.

They give a few more details further down the posting and note that users should download and install the latest version (at the time of this post, 5.1.2).

The Hardened-PHP Project has released a new vulnerability for the PHProjekt groupware software.

While searching for applications that are vulnerable to a new class of vulnerabilities inside PHP applications we took a quick look into the current PHProjekt source code and discovered that a (remote) include vulnerability had been (re)introduced.

By overwriting a variable with user input it is possible to inject and execute arbitrary PHP code. Overwriting this variable is possible regardless of the register_globals setting.

They give a few more details further down the posting and note that users should download and install the latest version (at the time of this post, 5.1.2).