Multiple directory traversal vulnerabilities in phpGroupWare 0.9.16.12, and possibly other versions prior to 0.9.16.014, allow remote malicious users to (1) read arbitrary files via the csvfile parameter to addressbook/csv_import.php, or (2) include and execute arbitrary local files via the conv_type parameter in addressbook/inc/class.uiXport.inc.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
phpgroupware phpgroupware 0.9.16.12 |