3 matches found
Debian DSA-1978-1 : phpgroupware - several vulnerabilities
Several remote vulnerabilities have been discovered in phpgroupware, a Web-based groupware system written in PHP. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-4414 A SQL injection vulnerability was found in the authentication module. -...
CVE-2009-4414
SQL injection vulnerability in phpgwapi /inc/class.authsql.inc.php in phpGroupWare 0.9.16.12, and possibly other versions before 0.9.16.014, when magicquotesgpc is disabled, allows remote attackers to execute arbitrary SQL commands via the passwd parameter to login.php...
phpGroupWare Multiple Input Validation Vulnerabilities
phpGroupWare is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to disclose sensitive information, steal cookie-based authentication credentials, compromise the application, access or...