phpGroupWare 0.9.16.003 and previous versions allows remote malicious users to gain sensitive information via (1) unexpected characters in the session ID such as shell metacharacters, (2) an invalid appname parameter to preferences.php or (3) an invalid menuaction parameter to index.php, which reveals the web server path in an error message.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
phpgroupware phpgroupware 0.9.16.000 |
||
phpgroupware phpgroupware 0.9.16.002 |
||
phpgroupware phpgroupware 0.9.14.003 |
||
phpgroupware phpgroupware 0.9.14.005 |
||
phpgroupware phpgroupware 0.9.14.006 |
||
phpgroupware phpgroupware 0.9.14.007 |
||
phpgroupware phpgroupware 0.9.12 |
||
phpgroupware phpgroupware 0.9.13 |
||
phpgroupware phpgroupware 0.9.14 |
||
phpgroupware phpgroupware 0.9.16.003 |
||
phpgroupware phpgroupware 0.9.16_rc1 |