Lucene search
PRIOn knowledge basePRION:CVE-2014-2027HistoryMar 31, 2015 - 2:59 p.m.
Design/Logic Flaw
2015-03-3114:59:00
PRIOn knowledge base
www.prio-n.com
4
eGroupware before 1.8.006.20140217 allows remote attackers to conduct PHP object injection attacks, delete arbitrary files, and possibly execute arbitrary code via the (1) addr_fields or (2) trans parameter to addressbook/csv_import.php, (3) cal_fields or (4) trans parameter to calendar/csv_import.php, (5) info_fields or (6) trans parameter to csv_import.php in (a) projectmanager/ or (b) infolog/, or (7) processed parameter to preferences/inc/class.uiaclprefs.inc.php.
| CPE | Name | Operator | Version |
|---|---|---|---|
| egroupware | le | 1.8006 |
References
Related
nessus
nessus
Mandriva Linux Security Advisory : egroupware (MDVSA-2015:087)
2015-03-30 00:00:00
GLSA-201711-12 : eGroupWare: Remote code execution
2017-11-13 00:00:00
cvelist
cvelist
CVE-2014-2027
2015-03-31 14:00:00
nvd
nvd
CVE-2014-2027
2015-03-31 14:59:00
cve
cve
CVE-2014-2027
2015-03-31 14:59:00
packetstorm
packetstorm
Egroupware 1.8.005 PHP Object Insertion
2014-02-21 00:00:00
mageia
mageia
Updated egroupware package fixes security vulnerability
2014-03-04 00:01:25
openvas
openvas
EGroupware 'unserialize()' Multiple PHP Code Execution Vulnerabilities
2017-02-01 00:00:00
Mageia: Security Advisory (MGASA-2014-0116)
2022-01-28 00:00:00
gentoo
gentoo
eGroupWare: Remote code execution
2017-11-12 00:00:00
ubuntucve
ubuntucve
CVE-2014-2027
2015-03-31 00:00:00
securityvulns
securityvulns
[ MDVSA-2015:087 ] egroupware
2015-05-12 00:00:00