PhpGroupWare Multiple Vulnerabilities Network Vulnerability

Summary

phpGroupWare is prone to multiple SQL-injection vulnerabilities and to a Local File Include Vulnerability because it fails to sufficiently sanitize user-supplied data before using it. Exploiting these issues could allow an attacker to compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database or to view files and execute local scripts in the context of the webserver process. . Versions of phpGroupWare prior to 0.9.16.016 are vulnerable.

Solution

The vendor has released phpGroupWare 0.9.16.016 to address this issue. Please see the references for more information.

References

http://www.phpgroupware.org/
http://www.securityfocus.com/bid/40167
http://www.securityfocus.com/bid/40168

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-0403, CVE-2010-0404

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

AVTECH DVR Multiple Vulnerabilities
Arkeia Appliance Multiple Vulnerabilities
Advantech WebAccess Multiple Vulnerabilities
Atutor AChecker Multiple SQL Injection and XSS Vulnerabilities
ALCASAR Remote Code Execution Vulnerability

phpGroupWare Multiple Vulnerabilities

Take action and discover your vulnerabilities