CVE-2004-1385

2004-12-31T05:00:00
ID CVE-2004-1385
Type cve
Reporter cve@mitre.org
Modified 2017-07-11T01:30:00

Description

phpGroupWare 0.9.16.003 and earlier allows remote attackers to gain sensitive information via (1) unexpected characters in the session ID such as shell metacharacters, (2) an invalid appname parameter to preferences.php or (3) an invalid menuaction parameter to index.php, which reveals the web server path in an error message.