PHProjekt: setup.php vulnerability

PHProjekt contains a vulnerability in the setup procedure allowing remote users without admin rights to change the configuration.

PHProjekt 2004-12-10 2004-12-10 73021 remote 4.2-r1 4.2-r1

PHProjekt is a modular groupware web application used to coordinate group activities and share files.

Martin Muench, from it.sec, found a flaw in the setup.php file.

Successful exploitation of the flaw allows a remote attacker without admin rights to make unauthorized changes to the PHProjekt configuration.

As a workaround, you could replace the existing setup.php file in the PHProjekt root directory with the one provided in the PHProjekt Advisory (see References).

All PHProjekt users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/phprojekt-4.2-r1"

References: PHProjekt Advisory

vorlon078 koon vorlon078