CVE-2010-0403

2010-05-1912:08:00

CWE-22

[email protected]

web.nvd.nist.gov

cve

2010

0403

directory traversal

vulnerability

phpgroupware

phpgw

remote attackers

include

execute

arbitrary local files

nvd

6.9 Medium

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.019 Low

EPSS

Percentile

88.5%

JSON

Directory traversal vulnerability in about.php in phpGroupWare (phpgw) before 0.9.16.016 allows remote attackers to include and execute arbitrary local files via a … (dot dot) in the app parameter.

CPENameOperatorVersion
phpgroupware:phpgroupwarephpgroupwareeq0.9.16.012
phpgroupware:phpgroupwarephpgroupwarele0.9.16.015
phpgroupware:phpgroupwarephpgroupwareeq0.9.16.011
phpgroupware:phpgroupwarephpgroupwareeq0.9.16.001
phpgroupware:phpgroupwarephpgroupwareeq0.9.16.014
phpgroupware:phpgroupwarephpgroupwareeq0.9.16.000
phpgroupware:phpgroupwarephpgroupwareeq0.9.16.010
phpgroupware:phpgroupwarephpgroupwareeq0.9.16.003
phpgroupware:phpgroupwarephpgroupwareeq0.9.16.005
phpgroupware:phpgroupwarephpgroupwareeq0.9.16.002

CPE	Name	Operator	Version
phpgroupware:phpgroupware	phpgroupware	eq	0.9.16.012
phpgroupware:phpgroupware	phpgroupware	le	0.9.16.015
phpgroupware:phpgroupware	phpgroupware	eq	0.9.16.011
phpgroupware:phpgroupware	phpgroupware	eq	0.9.16.001
phpgroupware:phpgroupware	phpgroupware	eq	0.9.16.014
phpgroupware:phpgroupware	phpgroupware	eq	0.9.16.000
phpgroupware:phpgroupware	phpgroupware	eq	0.9.16.010
phpgroupware:phpgroupware	phpgroupware	eq	0.9.16.003
phpgroupware:phpgroupware	phpgroupware	eq	0.9.16.005
phpgroupware:phpgroupware	phpgroupware	eq	0.9.16.002