MidnightBSD

Advisories for phpgroupware

CVE-2001-0043 HIGH

phpGroupWare before 0.9.7 allows remote attackers to execute arbitrary PHP commands by specifying a malicious include file in the phpgw_info parameter of the phpgw.inc.php program.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
phpgroupware phpgroupware 0.9.6
CVE-2002-0536 HIGH

PHPGroupware 0.9.12 and earlier, when running with the magic_quotes_gpc feature disabled, allows remote attackers to compromise the database via a SQL injection attack.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
phpgroupware phpgroupware 0.9.13
CVE-2003-0504 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in Phpgroupware 0.9.14.003 (aka webdistro) allow remote attackers to insert arbitrary HTML or web script, as demonstrated with a request to index.php in the addressbook module.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
phpgroupware phpgroupware 0.9.14.003
CVE-2003-0599 HIGH

Unknown vulnerability in the Virtual File System (VFS) capability for phpGroupWare 0.9.16preRC and versions before 0.9.14.004 with unknown implications, related to the VFS path being under the web document root.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
phpgroupware phpgroupware 0.9.16prerc
phpgroupware phpgroupware *
CVE-2003-0657 HIGH

Multiple SQL injection vulnerabilities in the infolog module for phpgroupware 0.9.14 and earlier could allow remote attackers to conduct unauthorized database actions.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
phpgroupware phpgroupware *
CVE-2004-0016 HIGH

The calendar module for phpgroupware 0.9.14 does not enforce the "save extension" feature for holiday files, which allows remote attackers to create and execute PHP files.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
phpgroupware phpgroupware 0.9.14
CVE-2004-0017 HIGH

Multiple SQL injection vulnerabilities in the (1) calendar and (2) infolog modules for phpgroupware 0.9.14 allow remote attackers to perform unauthorized database operations.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
phpgroupware phpgroupware 0.9.14
CVE-2004-0875 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in Phpgroupware (aka webdistro) 0.9.16.002 and earlier allow remote attackers to insert arbitrary HTML or web script, as demonstrated with a request to the wiki module.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
phpgroupware phpgroupware 0.9.14.007
phpgroupware phpgroupware 0.9.16_rc1
phpgroupware phpgroupware 0.9.14.006
phpgroupware phpgroupware 0.9.16.000
phpgroupware phpgroupware 0.9.16.002
phpgroupware phpgroupware 0.9.12
phpgroupware phpgroupware 0.9.13
phpgroupware phpgroupware 0.9.14.003
phpgroupware phpgroupware 0.9.14.005
CVE-2004-1383 HIGH

Multiple SQL injection vulnerabilities in phpGroupWare 0.9.16.003 and earlier allow remote attackers to execute arbitrary SQL statements via the (1) order, (2) project_id, (3) pro_main, or (4) hours_id parameters to index.php or (5) ticket_id to viewticket_details.php.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
phpgroupware phpgroupware 0.9.14.007
phpgroupware phpgroupware 0.9.16_rc1
phpgroupware phpgroupware 0.9.14.006
phpgroupware phpgroupware 0.9.16.000
phpgroupware phpgroupware 0.9.16.002
phpgroupware phpgroupware 0.9.16.003
phpgroupware phpgroupware 0.9.12
phpgroupware phpgroupware 0.9.13
phpgroupware phpgroupware 0.9.14.003
phpgroupware phpgroupware 0.9.14
phpgroupware phpgroupware 0.9.14.005
CVE-2004-1384 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in phpGroupWare 0.9.16.003 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) kp3, (2) type, (3) msg, (4) forum_id, (5) pos, (6) cats_app, (7) cat_id, (8) msgball[msgnum], (9) fldball[acctnum] parameters to index.php or (10) ticket_id to viewticket_details.php.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
phpgroupware phpgroupware 0.9.14.007
phpgroupware phpgroupware 0.9.16_rc1
phpgroupware phpgroupware 0.9.14.006
phpgroupware phpgroupware 0.9.16.000
phpgroupware phpgroupware 0.9.16.002
phpgroupware phpgroupware 0.9.16.003
phpgroupware phpgroupware 0.9.12
phpgroupware phpgroupware 0.9.13
phpgroupware phpgroupware 0.9.14.003
phpgroupware phpgroupware 0.9.14
phpgroupware phpgroupware 0.9.14.005
CVE-2004-1385 MEDIUM

phpGroupWare 0.9.16.003 and earlier allows remote attackers to gain sensitive information via (1) unexpected characters in the session ID such as shell metacharacters, (2) an invalid appname parameter to preferences.php or (3) an invalid menuaction parameter to index.php, which reveals the web server path in an error message.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
phpgroupware phpgroupware 0.9.14.007
phpgroupware phpgroupware 0.9.16_rc1
phpgroupware phpgroupware 0.9.14.006
phpgroupware phpgroupware 0.9.16.000
phpgroupware phpgroupware 0.9.16.002
phpgroupware phpgroupware 0.9.16.003
phpgroupware phpgroupware 0.9.12
phpgroupware phpgroupware 0.9.13
phpgroupware phpgroupware 0.9.14.003
phpgroupware phpgroupware 0.9.14
phpgroupware phpgroupware 0.9.14.005
CVE-2004-2406 HIGH

Unknown "overflow" in the phpgw_config table for phpGroupWare before 0.9.14.002 has unknown attack vectors and impact.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
phpgroupware phpgroupware *
CVE-2004-2407 HIGH

Unknown vulnerability in phpGroupWare before 0.9.14.002 has unknown attack vectors and impact, related to a "security hole" in the Setup/Config functionality.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
phpgroupware phpgroupware *
CVE-2004-2573 HIGH

PHP remote file inclusion vulnerability in tables_update.inc.php in phpGroupWare 0.9.14.005 and earlier allows remote attackers to execute arbitrary PHP code via an external URL in the appdir parameter.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
phpgroupware phpgroupware 0.9.14.003
phpgroupware phpgroupware *
CVE-2004-2574 MEDIUM

Cross-site scripting (XSS) vulnerability in index.php in phpGroupWare 0.9.14.005 and earlier allows remote attackers to inject arbitrary web script or HTML via the date parameter in a calendar.uicalendar.planner menuaction.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
phpgroupware phpgroupware 0.9.16.000
phpgroupware phpgroupware 0.9.16.002
phpgroupware phpgroupware 0.9.16.003
phpgroupware phpgroupware *
CVE-2004-2575 MEDIUM

phpGroupWare 0.9.14.005 and earlier allow remote attackers to obtain sensitive information via a direct request to (1) hook_admin.inc.php, (2) hook_home.inc.php, (3) class.holidaycalc.inc.php, and (4) setup.inc.php.sample, which reveals the path in an error message.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
phpgroupware phpgroupware 0.9.16.005
phpgroupware phpgroupware 0.9.16.000
phpgroupware phpgroupware 0.9.16.002
phpgroupware phpgroupware 0.9.16.003
CVE-2004-2576 MEDIUM

class.vfs_dav.inc.php in phpGroupWare 0.9.16.000 does not create .htaccess files to enable authorization checks for access to users' home-directory files, which allows remote attackers to obtain sensitive information from these files.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
phpgroupware phpgroupware 0.9.16.000
CVE-2004-2577 MEDIUM

The acl_check function in phpGroupWare 0.9.16RC2 always returns True, even when mkdir does not behave as expected, which could allow remote attackers to obtain sensitive information via WebDAV from users' home directories that lack .htaccess files, and possibly has other unknown impacts.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
phpgroupware phpgroupware 0.9.16rc1
phpgroupware phpgroupware 0.9.16rc2
CVE-2004-2578 MEDIUM

phpGroupWare before 0.9.16.002 transmits the (1) header admin and (2) setup passwords in plaintext via cookies, which allows remote attackers to sniff passwords.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
phpgroupware phpgroupware 0.9.8
phpgroupware phpgroupware 0.9.2
phpgroupware phpgroupware 0.9.16.001
phpgroupware phpgroupware 0.9.1
phpgroupware phpgroupware 0.9.7
phpgroupware phpgroupware 0.9.14.006
phpgroupware phpgroupware 0.9.16.000
phpgroupware phpgroupware 0.9.9
phpgroupware phpgroupware 0.9.9_pl1
phpgroupware phpgroupware 0.9.12
phpgroupware phpgroupware 0.9.14.005
phpgroupware phpgroupware 0.9.3
phpgroupware phpgroupware 0.9.10
phpgroupware phpgroupware 0.9.4
phpgroupware phpgroupware 0.9.14.007
phpgroupware phpgroupware 0.9.6
phpgroupware phpgroupware 0.9.13
phpgroupware phpgroupware 0.9.14.003
phpgroupware phpgroupware 0.9.5
CVE-2005-2761 MEDIUM

Cross-site scripting (XSS) vulnerability in phpGroupWare 0.9.16.000 allows administrators to inject arbitrary web script or HTML by modifying the main screen message.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
phpgroupware phpgroupware 0.9.16.000
CVE-2005-3347 MEDIUM

Multiple directory traversal vulnerabilities in index.php in phpSysInfo 2.4 and earlier, as used in phpgroupware 0.9.16 and earlier, and egrouwpware before 1.0.0.009, allow remote attackers to include arbitrary files via .. (dot dot) sequences in the (1) sensor_program parameter or the (2) _SERVER[HTTP_ACCEPT_LANGUAGE] parameter, which overwrites an internal variable, a variant of CVE-2003-0536. NOTE: due to a typo in an advisory, an issue in osh was inadvertently linked to this identifier; the proper identifier for the osh issue is CVE-2005-3346.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
phpgroupware phpgroupware 0.9.16
CVE-2010-0403 MEDIUM

Directory traversal vulnerability in about.php in phpGroupWare (phpgw) before 0.9.16.016 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the app parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
phpgroupware phpgroupware 0.9.16
phpgroupware phpgroupware 0.9.16.001
phpgroupware phpgroupware 0.9.16.014
phpgroupware phpgroupware 0.9.16.011
phpgroupware phpgroupware 0.9.16.005
phpgroupware phpgroupware 0.9.16.000
phpgroupware phpgroupware 0.9.16.002
phpgroupware phpgroupware 0.9.16.003
phpgroupware phpgroupware 0.9.16.012
phpgroupware phpgroupware *
phpgroupware phpgroupware 0.9.16.010
CVE-2010-0404 HIGH

Multiple SQL injection vulnerabilities in phpGroupWare (phpgw) before 0.9.16.016 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) class.sessions_db.inc.php, (2) class.translation_sql.inc.php, or (3) class.auth_sql.inc.php in phpgwapi/inc/.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
phpgroupware phpgroupware 0.9.16
phpgroupware phpgroupware 0.9.16.001
phpgroupware phpgroupware 0.9.16.014
phpgroupware phpgroupware 0.9.16.011
phpgroupware phpgroupware 0.9.16.005
phpgroupware phpgroupware 0.9.16.000
phpgroupware phpgroupware 0.9.16.002
phpgroupware phpgroupware 0.9.16.003
phpgroupware phpgroupware 0.9.16.012
phpgroupware phpgroupware *
phpgroupware phpgroupware 0.9.16.010