Published: 31/12/2004 Updated: 11/07/2017

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 755

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Multiple SQL injection vulnerabilities in phpGroupWare 0.9.16.003 and previous versions allow remote malicious users to execute arbitrary SQL statements via the (1) order, (2) project_id, (3) pro_main, or (4) hours_id parameters to index.php or (5) ticket_id to viewticket_details.php.

Vulnerable Product	Search on Vulmon	Subscribe to Product
phpgroupware phpgroupware 0.9.14.007
phpgroupware phpgroupware 0.9.16.000
phpgroupware phpgroupware 0.9.14
phpgroupware phpgroupware 0.9.14.003
phpgroupware phpgroupware 0.9.16_rc1
phpgroupware phpgroupware 0.9.14.005
phpgroupware phpgroupware 0.9.14.006
phpgroupware phpgroupware 0.9.12
phpgroupware phpgroupware 0.9.13
phpgroupware phpgroupware 0.9.16.002
phpgroupware phpgroupware 0.9.16.003

source: wwwsecurityfocuscom/bid/11952/info Reportedly PHPGroupWare contains multiple input validation vulnerabilities; it is prone to multiple SQL injection and cross-site scripting issues These issues are all due to a failure of the application to properly sanitize user-supplied input The SQL injection issues may allow a remote atta ...

NVD-CWE-Other http://www.gulftech.org/?node=research&article_id=00054-12142004 http://www.gentoo.org/security/en/glsa/glsa-200501-08.xml http://www.securityfocus.com/bid/11952 http://marc.info/?l=bugtraq&m=110312656029072&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/18498 https://nvd.nist.gov https://www.exploit-db.com/exploits/24846/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2004-1383

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect