Lucene search
HistoryFeb 03, 2004 - 5:00 a.m.
CVE-2004-0016
cve-2004-0016
phpgroupware
calendar module
security vulnerability
remote code execution
6.9 Medium
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.008 Low
EPSS
Percentile
81.1%
The calendar module for phpgroupware 0.9.14 does not enforce the “save extension” feature for holiday files, which allows remote attackers to create and execute PHP files.
| CPE | Name | Operator | Version |
|---|---|---|---|
| phpgroupware:phpgroupware | phpgroupware | eq | 0.9.14 |
Related
openvas
openvas
PhpGroupWare calendar server side script execution
2005-11-03 00:00:00
Debian Security Advisory DSA 419-1 (phpgroupware)
2008-01-17 00:00:00
nessus
nessus
osv
osv
phpgroupware - missing filename sanitising, SQL injection
2004-01-09 00:00:00
securityvulns
securityvulns
debian
debian
6.9 Medium
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.008 Low
EPSS
Percentile
81.1%
Related for CVE-2004-0016