Phpgroupware: >> Phpgroupware >> 0.9.16.001 Security Vulnerabilities
Directory traversal vulnerability in about.php in phpGroupWare (phpgw) before 0.9.16.016 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the app parameter.
CVSS Score
6.8
EPSS Score
0.007
Published
2010-05-19
Multiple SQL injection vulnerabilities in phpGroupWare (phpgw) before 0.9.16.016 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) class.sessions_db.inc.php, (2) class.translation_sql.inc.php, or (3) class.auth_sql.inc.php in phpgwapi/inc/.
CVSS Score
7.5
EPSS Score
0.009
Published
2010-05-19
phpGroupWare before 0.9.16.002 transmits the (1) header admin and (2) setup passwords in plaintext via cookies, which allows remote attackers to sniff passwords.
CVSS Score
5.0
EPSS Score
0.004
Published
2004-12-31