VYPR
Unrated severityNVD Advisory· Published Dec 31, 2004· Updated Jun 16, 2026

CVE-2004-1385

CVE-2004-1385

Description

phpGroupWare 0.9.16.003 and earlier allows remote attackers to gain sensitive information via (1) unexpected characters in the session ID such as shell metacharacters, (2) an invalid appname parameter to preferences.php or (3) an invalid menuaction parameter to index.php, which reveals the web server path in an error message.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

12
  • cpe:2.3:a:phpgroupware:phpgroupware:0.9.12:*:*:*:*:*:*:*+ 11 more
    • cpe:2.3:a:phpgroupware:phpgroupware:0.9.12:*:*:*:*:*:*:*
    • cpe:2.3:a:phpgroupware:phpgroupware:0.9.13:*:*:*:*:*:*:*
    • cpe:2.3:a:phpgroupware:phpgroupware:0.9.14:*:*:*:*:*:*:*
    • cpe:2.3:a:phpgroupware:phpgroupware:0.9.14.003:*:*:*:*:*:*:*
    • cpe:2.3:a:phpgroupware:phpgroupware:0.9.14.005:*:*:*:*:*:*:*
    • cpe:2.3:a:phpgroupware:phpgroupware:0.9.14.006:*:*:*:*:*:*:*
    • cpe:2.3:a:phpgroupware:phpgroupware:0.9.14.007:*:*:*:*:*:*:*
    • cpe:2.3:a:phpgroupware:phpgroupware:0.9.16.000:*:*:*:*:*:*:*
    • cpe:2.3:a:phpgroupware:phpgroupware:0.9.16.002:*:*:*:*:*:*:*
    • cpe:2.3:a:phpgroupware:phpgroupware:0.9.16.003:*:*:*:*:*:*:*
    • cpe:2.3:a:phpgroupware:phpgroupware:0.9.16_rc1:*:*:*:*:*:*:*
    • (no CPE)range: <=0.9.16.003

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.