Sql injection

2010-05-1912:08:00

PRIOn knowledge base

www.prio-n.com

9.1 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

74.4%

JSON

Multiple SQL injection vulnerabilities in phpGroupWare (phpgw) before 0.9.16.016 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) class.sessions_db.inc.php, (2) class.translation_sql.inc.php, or (3) class.auth_sql.inc.php in phpgwapi/inc/.

CPENameOperatorVersion
phpgroupwareeq0.9.16.012
phpgroupwarele0.9.16.015
phpgroupwareeq0.9.16.011
phpgroupwareeq0.9.16.001
phpgroupwareeq0.9.16.014
phpgroupwareeq0.9.16.000
phpgroupwareeq0.9.16.010
phpgroupwareeq0.9.16.003
phpgroupwareeq0.9.16.005
phpgroupwareeq0.9.16.002

Name	Operator	Version
phpgroupware	eq	0.9.16.012
phpgroupware	le	0.9.16.015
phpgroupware	eq	0.9.16.011
phpgroupware	eq	0.9.16.001
phpgroupware	eq	0.9.16.014
phpgroupware	eq	0.9.16.000
phpgroupware	eq	0.9.16.010
phpgroupware	eq	0.9.16.003
phpgroupware	eq	0.9.16.005
phpgroupware	eq	0.9.16.002