Lucene search

[email protected]CVE-2014-2027

HistoryMar 31, 2015 - 2:59 p.m.

CVE-2014-2027

2015-03-3114:59:00

CWE-94

[email protected]

web.nvd.nist.gov

cve-2014-2027

egroupware

php object injection

arbitrary code execution

security vulnerability

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.9 High

AI Score

Confidence

Low

0.082 Low

EPSS

Percentile

94.4%

JSON

eGroupware before 1.8.006.20140217 allows remote attackers to conduct PHP object injection attacks, delete arbitrary files, and possibly execute arbitrary code via the (1) addr_fields or (2) trans parameter to addressbook/csv_import.php, (3) cal_fields or (4) trans parameter to calendar/csv_import.php, (5) info_fields or (6) trans parameter to csv_import.php in (a) projectmanager/ or (b) infolog/, or (7) processed parameter to preferences/inc/class.uiaclprefs.inc.php.

Affected configurations

NVD

Node

egroupwareegroupwareRange≤1.8006

CPENameOperatorVersion
egroupware:egroupwareegroupwarele1.8006

CPE	Name	Operator	Version
egroupware:egroupware	egroupware	le	1.8006

References

advisories.mageia.org/MGASA-2014-0116.html

openwall.com/lists/oss-security/2014/02/19/10

openwall.com/lists/oss-security/2014/02/19/4

sourceforge.net/projects/egroupware/files/eGroupware-1.8/README/download

www.mandriva.com/security/advisories?name=MDVSA-2015:087

security.gentoo.org/glsa/201711-12

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.9 High

AI Score

Confidence

Low

0.082 Low

EPSS

Percentile

94.4%

JSON

Related for CVE-2014-2027

nessus2 cvelist1 nvd1 packetstorm1 mageia1 openvas2 prion1 gentoo1 ubuntucve1 securityvulns2