Lucene search

[email protected]CVE-2014-2988

HistoryOct 27, 2014 - 1:55 a.m.

CVE-2014-2988

2014-10-2701:55:00

CWE-94

[email protected]

web.nvd.nist.gov

egroupware

cve-2014-2988

remote code execution

nvd

security vulnerability

callback values

7.2 High

AI Score

Confidence

Low

8.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

0.005 Low

EPSS

Percentile

75.8%

JSON

EGroupware Enterprise Line (EPL) before 1.1.20140505, EGroupware Community Edition before 1.8.007.20140506, and EGroupware before 14.1 beta allows remote authenticated administrators to execute arbitrary PHP code via crafted callback values to the call_user_func PHP function, as demonstrated using the newsettings[system] parameter. NOTE: this can be exploited by remote attackers by leveraging CVE-2014-2987.

CPENameOperatorVersion
egroupware:egroupwareegroupwarele1.6.001
egroupware:egroupwareegroupwarele1.8006

CPE	Name	Operator	Version
egroupware:egroupware	egroupware	le	1.6.001
egroupware:egroupware	egroupware	le	1.8006

References

advisories.mageia.org/MGASA-2014-0221.html

www.mandriva.com/security/advisories?name=MDVSA-2015:087

www.securityfocus.com/archive/1/532103/100/0/threaded

www.htbridge.com/advisory/HTB23212

7.2 High

AI Score

Confidence

Low

8.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

0.005 Low

EPSS

Percentile

75.8%

JSON

Related for CVE-2014-2988

prion2 securityvulns3 openvas1 exploitpack1 htbridge1 cve1 packetstorm1 exploitdb1 zdt1