Marc Logemann: >> More.groupware Security Vulnerabilities
SQL injection vulnerability in modules/calendar/week.php in More.groupware 0.74 allows remote attackers to execute arbitrary SQL commands via the new_calendarid parameter.
CVSS Score
7.5
EPSS Score
0.008
Published
2006-09-21
More.groupware PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.
CVSS Score
5.0
EPSS Score
0.005
Published
2001-10-02