Lucene search
Copyright (C) 2005 David MaciejakOPENVAS:136141256231014295HistoryNov 03, 2005 - 12:00 a.m.
PhpGroupWare Calendar Server Side Script Execution Vulnerability
2005-11-0300:00:00
Copyright (C) 2005 David Maciejak
plugins.openvas.org
12
6.5 Medium
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.008 Low
EPSS
Percentile
81.1%
PhpGroupWare is prone to a remote attack.
# SPDX-FileCopyrightText: 2005 David Maciejak
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
CPE = "cpe:/a:phpgroupware:phpgroupware";
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.14295");
script_version("2023-08-01T13:29:10+0000");
script_tag(name:"last_modification", value:"2023-08-01 13:29:10 +0000 (Tue, 01 Aug 2023)");
script_tag(name:"creation_date", value:"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/9387");
script_tag(name:"cvss_base", value:"7.5");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_xref(name:"OSVDB", value:"6860");
script_cve_id("CVE-2004-0016");
script_name("PhpGroupWare Calendar Server Side Script Execution Vulnerability");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2005 David Maciejak");
script_family("Web application abuses");
script_dependencies("phpgroupware_detect.nasl");
script_require_ports("Services/www", 80);
script_mandatory_keys("phpGroupWare/installed");
script_tag(name:"solution", value:"Update to version 0.9.14.007 or newer");
script_tag(name:"summary", value:"PhpGroupWare is prone to a remote attack.");
script_tag(name:"insight", value:"It has been reported that this version may be prone to a vulnerability that
may allow remote attackers to execute malicious scripts on a vulnerable system.
The flaw allows remote attackers to upload server side scripts which can then
be executed on the server.");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"remote_banner");
exit(0);
}
include("version_func.inc");
include("host_details.inc");
if( ! port = get_app_port( cpe:CPE ) ) exit( 0 );
if( ! vers = get_app_version( cpe:CPE, port:port ) ) exit( 0 );
if( ereg( pattern:"^0\.([0-8]\.|9\.([0-9]\.|1[0-3]\.|14\.0*[0-6]([^0-9]|$)))", string:vers ) ) {
report = report_fixed_ver( installed_version:vers, fixed_version:"0.9.14.007" );
security_message( port:port, data:report );
exit( 0 );
}
exit( 99 );References
Related
nessus
nessus
cve
cve
CVE-2004-0016
2004-02-03 05:00:00
openvas
openvas
Debian Security Advisory DSA 419-1 (phpgroupware)
2008-01-17 00:00:00
Debian: Security Advisory (DSA-419)
2008-01-17 00:00:00
osv
osv
phpgroupware - missing filename sanitising, SQL injection
2004-01-09 00:00:00
debian
debian
securityvulns
securityvulns
6.5 Medium
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.008 Low
EPSS
Percentile
81.1%
Related for OPENVAS:136141256231014295