CVE-2004-0017
- EPSS 0.5%
- Veröffentlicht 03.02.2004 05:00:00
- Zuletzt bearbeitet 03.04.2025 01:03:51
Multiple SQL injection vulnerabilities in the (1) calendar and (2) infolog modules for phpgroupware 0.9.14 allow remote attackers to perform unauthorized database operations.
CVE-2004-0016
- EPSS 0.74%
- Veröffentlicht 03.02.2004 05:00:00
- Zuletzt bearbeitet 03.04.2025 01:03:51
The calendar module for phpgroupware 0.9.14 does not enforce the "save extension" feature for holiday files, which allows remote attackers to create and execute PHP files.
CVE-2003-0657
- EPSS 0.43%
- Veröffentlicht 27.08.2003 04:00:00
- Zuletzt bearbeitet 03.04.2025 01:03:51
Multiple SQL injection vulnerabilities in the infolog module for phpgroupware 0.9.14 and earlier could allow remote attackers to conduct unauthorized database actions.
- EPSS 0.46%
- Veröffentlicht 27.08.2003 04:00:00
- Zuletzt bearbeitet 03.04.2025 01:03:51
Unknown vulnerability in the Virtual File System (VFS) capability for phpGroupWare 0.9.16preRC and versions before 0.9.14.004 with unknown implications, related to the VFS path being under the web document root.
CVE-2003-0504
- EPSS 0.44%
- Veröffentlicht 07.08.2003 04:00:00
- Zuletzt bearbeitet 03.04.2025 01:03:51
Multiple cross-site scripting (XSS) vulnerabilities in Phpgroupware 0.9.14.003 (aka webdistro) allow remote attackers to insert arbitrary HTML or web script, as demonstrated with a request to index.php in the addressbook module.
CVE-2002-0536
- EPSS 0.82%
- Veröffentlicht 03.07.2002 04:00:00
- Zuletzt bearbeitet 03.04.2025 01:03:51
PHPGroupware 0.9.12 and earlier, when running with the magic_quotes_gpc feature disabled, allows remote attackers to compromise the database via a SQL injection attack.
- EPSS 1.61%
- Veröffentlicht 16.02.2001 05:00:00
- Zuletzt bearbeitet 03.04.2025 01:03:51
phpGroupWare before 0.9.7 allows remote attackers to execute arbitrary PHP commands by specifying a malicious include file in the phpgw_info parameter of the phpgw.inc.php program.