phpGroupWare Calendar Module SQL Injection

2003-10-21T00:00:00
ID OSVDB:2691
Type osvdb
Reporter OSVDB
Modified 2003-10-21T00:00:00

Description

Vulnerability Description

phpGroupWare contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that variables in the 'calendar' module are not verified properly and will allow an attacker to inject or manipulate SQL queries. No further details have been provided.

Solution Description

Upgrade to version 0.9.14.007 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

phpGroupWare contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that variables in the 'calendar' module are not verified properly and will allow an attacker to inject or manipulate SQL queries. No further details have been provided.

References:

Vendor URL: http://www.phpgroupware.org/ Vendor Specific Advisory URL Secunia Advisory ID:10046 Related OSVDB ID: 6857 ISS X-Force ID: 14846 CVE-2004-0017 Bugtraq ID: 9386