Phpgroupware: >> Phpgroupware >> 0.9.6 Security Vulnerabilities
phpGroupWare before 0.9.16.002 transmits the (1) header admin and (2) setup passwords in plaintext via cookies, which allows remote attackers to sniff passwords.
CVSS Score
5.0
EPSS Score
0.004
Published
2004-12-31
phpGroupWare before 0.9.7 allows remote attackers to execute arbitrary PHP commands by specifying a malicious include file in the phpgw_info parameter of the phpgw.inc.php program.
CVSS Score
10.0
EPSS Score
0.016
Published
2001-02-16