phpgroupware -- several vulnerabilities

ID DSA-2046
Type debian
Reporter Debian
Modified 2010-05-13T00:00:00


Several remote vulnerabilities have been discovered in phpgroupware, a Web based groupware system written in PHP. The Common Vulnerabilities and Exposures project identifies the following problems:

A local file inclusion vulnerability allows remote attackers to execute arbitrary PHP code and include arbitrary local files.

Multiple SQL injection vulnerabilities allows remote attackers to execute arbitrary SQL commands.

For the stable distribution (lenny), these problems have been fixed in version 1:

For the testing distribution (squeeze) and the unstable distribution (sid), these problems will be fixed soon.

We recommend that you upgrade your phpgroupware package.