Vulnerability   
Search   
    Search 202850 CVE descriptions
and 87302 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.15983
Category:CGI abuses
Title:PhpGroupWare XSS and SQL injection issues
Summary:NOSUMMARY
Description:Description:

The remote host seems to be running PhpGroupWare, is a multi-user groupware
suite written in PHP.

The remote version of this software is vulnerable to two issues :

- A cross site scripting issue may allow an attacker to steal the credentials
of third-party users of the remote host


- A SQL injection vulnerability may allow an attacker to execute arbitrary SQL
statements against the remote database.

Solution : Update to the newest version of this software
Risk factor : High

Cross-Ref: BugTraq ID: 11952
Common Vulnerability Exposure (CVE) ID: CVE-2004-1384
http://www.securityfocus.com/bid/11952
Bugtraq: 20041215 Multiple phpGroupWare Vulnerabilities [ phpGroupWare 0.9.16.003 && Earlier ] (Google Search)
http://marc.info/?l=bugtraq&m=110312656029072&w=2
http://www.gentoo.org/security/en/glsa/glsa-200501-08.xml
http://www.gulftech.org/?node=research&article_id=00054-12142004
XForce ISS Database: phpgroupware-index-preferences-xss(18496)
https://exchange.xforce.ibmcloud.com/vulnerabilities/18496
Common Vulnerability Exposure (CVE) ID: CVE-2004-1383
XForce ISS Database: phpgroupware-projectid-sql-injection(18498)
https://exchange.xforce.ibmcloud.com/vulnerabilities/18498
CopyrightThis script is Copyright (C) 2004 Tenable Network Security

This is only one of 87302 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.