phpgroupware -- several vulnerabilities

2010-05-13T00:00:00
ID DSA-2046
Type debian
Reporter Debian
Modified 2010-05-13T00:00:00

Description

Several remote vulnerabilities have been discovered in phpgroupware, a Web based groupware system written in PHP. The Common Vulnerabilities and Exposures project identifies the following problems:

A local file inclusion vulnerability allows remote attackers to execute arbitrary PHP code and include arbitrary local files.

Multiple SQL injection vulnerabilities allows remote attackers to execute arbitrary SQL commands.

For the stable distribution (lenny), these problems have been fixed in version 1:0.9.16.012+dfsg-8+lenny2

For the testing distribution (squeeze) and the unstable distribution (sid), these problems will be fixed soon.

We recommend that you upgrade your phpgroupware package.