Multiple directory traversal vulnerabilities in phpGroupWare 0.9.16.12, and
possibly other versions before 0.9.16.014, allow remote attackers to (1)
read arbitrary files via the csvfile parameter to
addressbook/csv_import.php, or (2) include and execute arbitrary local
files via the conv_type parameter in addressbook/inc/class.uiXport.inc.php.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 9.04 | noarch | phpgroupware | < 1:0.9.16.012+dfsg-8+lenny1build0.9.04.1 | UNKNOWN |
ubuntu | 9.10 | noarch | phpgroupware | < 1:0.9.16.012+dfsg-8+lenny1build0.9.10.1 | UNKNOWN |