Nessus Plugin #14296
Note: This file has been created from a downloaded version of the Nessus Plugins from http://www.nessus.org/. Therefore, the information here can be outdated.
PhpGroupWare multiple module SQL injection vulnerabilities
- Family: CGI abuses
- Category: attack
- Copyright: This script is Copyright (C) 2004 David Maciejak
- Summary: Checks for PhpGroupWare version
- Version: $Revision: 1.6 $
- Cve_id: CAN-2004-0017
- Bugtraq_id: 9386
- Xrefs: OSVDB:2691, OSVDB:6857
- Description:
The remote host seems to be running PhpGroupWare, a multi-user groupware
suite written in PHP.
It has been reported that this version may be prone to multiple SQL injection
vulnerabilities in the 'calendar' and 'infolog' modules.
The problems exist due to insufficient sanitization of user-supplied data.
A remote attacker may exploit these issues to influence SQL query logic to disclose
sensitive information that could be used to gain unauthorized access.
Solution : Update to version 0.9.14.007 or newer
See also: http://www.phpgroupware.org/
Risk factor : Medium
Generated on 27.04.2005 at 18:49:54.