|
Family: CGI abuses --> Category: attack
PhpGroupWare multiple module SQL injection vulnerabilities Vulnerability Scan
Vulnerability Scan Summary Checks for PhpGroupWare version
Detailed Explanation for this Vulnerability Test
The remote host seems to be running PhpGroupWare, is a multi-user groupware
suite written in PHP.
It has been reported that this version may be prone to multiple SQL injection
vulnerabilities in the 'calendar' and 'infolog' modules.
The problems exist due to insufficient sanitization of user-supplied data.
A remote attacker may exploit these issues to influence SQL query logic to disclose
sensitive information that could be used to gain unauthorized access.
Solution : Update to version 0.9.14.007 or newer
See also: http://www.phpgroupware.org/
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.
|