PhpGroupWare Multiple Module SQL Injection Vulnerabilities Network Vulnerability

Summary

The remote host seems to be running PhpGroupWare, is a multi-user groupware suite written in PHP. It has been reported that this version may be prone to multiple SQL injection vulnerabilities in the 'calendar' and 'infolog' modules. The problems exist due to insufficient sanitization of user-supplied data. A remote attacker may exploit these issues to influence SQL query logic to disclose sensitive information that could be used to gain unauthorized access.

Solution

Update to version 0.9.14.007 or newer

References

http://www.phpgroupware.org/

Updated on 2015-03-25

Severity

Classification

CVE CVE-2004-0017

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Adobe ColdFusion Multiple Vulnerabilities-01 May-2014
ASUS RT56U Router Multiple Vulnerabilities
4psa Voipnow Local File Inclusion Vulnerability
AproxEngine Multiple Remote Input Validation Vulnerabilities
b2Evolution title SQL Injection

PhpGroupWare multiple module SQL injection vulnerabilities

Take action and discover your vulnerabilities