7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.013 Low
EPSS
Percentile
85.7%
phpGroupWare is a multi-user groupware suite written in PHP.
phpGroupWare improperly validates the “mid” parameter retrieved via a forum post. The current version of phpGroupWare also adds several safeguards to prevent XSS issues, and disables the use of a potentially vulnerable XML-RPC library.
A remote attacker may leverage the XML-RPC vulnerability to execute arbitrary PHP script code. He could also create a specially crafted request that will reveal private posts.
There is no known workaround at this time.
All phpGroupWare users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/phpgroupware-0.9.16.008"
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Gentoo | any | all | www-apps/phpgroupware | < 0.9.16.008 | UNKNOWN |