Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
8.5
CVSSv2

CVE-2014-2988

Published: 27/10/2014 Updated: 09/10/2018
CVSS v2 Base Score: 8.5 | Impact Score: 10 | Exploitability Score: 6.8
VMScore: 756
Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C
Subscribe to Egroupware

Vulnerability Summary

EGroupware Enterprise Line (EPL) prior to 1.1.20140505, EGroupware Community Edition prior to 1.8.007.20140506, and EGroupware prior to 14.1 beta allows remote authenticated administrators to execute arbitrary PHP code via crafted callback values to the call_user_func PHP function, as demonstrated using the newsettings[system] parameter. NOTE: this can be exploited by remote attackers by leveraging CVE-2014-2987.

Vulnerable Product Search on Vulmon Subscribe to Product

egroupware egroupware

Exploits

Exploit DB: EGroupware 1.8.006 Cross Site Request Forgery / Code Injection
EGroupware version 18006 suffers from code execution and cross site request forgery vulnerabilities ...

References

CWE-94https://www.htbridge.com/advisory/HTB23212http://www.mandriva.com/security/advisories?name=MDVSA-2015:087http://advisories.mageia.org/MGASA-2014-0221.htmlhttp://www.securityfocus.com/archive/1/532103/100/0/threadedhttps://nvd.nist.govhttps://packetstormsecurity.com/files/126643/EGroupware-1.8.006-Cross-Site-Request-Forgery-Code-Injection.html
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
deserializationCVE-2024-4040cross-site scriptingCVE-2023-25790CVE-2024-2961XML external entityCVE-2024-26926CVE-2024-32806CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook