The upload function in PHProjekt 2.0 through 3.1 does not properly verify certain variables related to uploaded data, which allows remote attackers to cause PHProjekt to process arbitrary files.Referenceshttp://www.securityfocus.com/bid/4597http://archive.cert.uni-stuttgart.de/archive/bugtraq/2002/04/msg00361.htmlhttps://exchange.xforce.ibmcloud.com/vulnerabilities/8944
