PhpGroupWare Arbitrary Command Execution Network Vulnerability

Summary

The remote host seems to be running PhpGroupWare, is a multi-user groupware suite written in PHP. This version is prone to a vulnerability that may permit remote attackers to execute arbitrary commands by triggering phpgw_info parameter of the phpgw.inc.php script, resulting in a loss of integrity.

Solution

Update to version 0.9.7 of this software or newer

References

http://www.phpgroupware.org/

Updated on 2015-03-25

Severity

Classification

CVE CVE-2001-0043

CVSS	Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Baby Gekko CMS Multiple Vulnerabilities
Astium VoIP PBX SQL Injection Vulnerability
Acidcat CMS Multiple Vulnerabilities
ActualAnalyzer Lite 'ant' Cookie Parameter Remote Command Execution Vulnerability
Arkeia Appliance Path Traversal Vulnerability

PhpGroupWare arbitrary command execution

Take action and discover your vulnerabilities