Unrated severityNVD Advisory· Published May 19, 2010· Updated Apr 29, 2026
CVE-2010-0403
CVE-2010-0403
Description
Directory traversal vulnerability in about.php in phpGroupWare (phpgw) before 0.9.16.016 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the app parameter.
Affected products
11cpe:2.3:a:phpgroupware:phpgroupware:*:*:*:*:*:*:*:*+ 10 more
- cpe:2.3:a:phpgroupware:phpgroupware:*:*:*:*:*:*:*:*range: <=0.9.16.015
- cpe:2.3:a:phpgroupware:phpgroupware:0.9.16:*:*:*:*:*:*:*
- cpe:2.3:a:phpgroupware:phpgroupware:0.9.16.000:*:*:*:*:*:*:*
- cpe:2.3:a:phpgroupware:phpgroupware:0.9.16.001:*:*:*:*:*:*:*
- cpe:2.3:a:phpgroupware:phpgroupware:0.9.16.002:*:*:*:*:*:*:*
- cpe:2.3:a:phpgroupware:phpgroupware:0.9.16.003:*:*:*:*:*:*:*
- cpe:2.3:a:phpgroupware:phpgroupware:0.9.16.005:*:*:*:*:*:*:*
- cpe:2.3:a:phpgroupware:phpgroupware:0.9.16.010:*:*:*:*:*:*:*
- cpe:2.3:a:phpgroupware:phpgroupware:0.9.16.011:*:*:*:*:*:*:*
- cpe:2.3:a:phpgroupware:phpgroupware:0.9.16.012:*:*:*:*:*:*:*
- cpe:2.3:a:phpgroupware:phpgroupware:0.9.16.014:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
11- download.phpgroupware.orgnvdPatchVendor Advisory
- forums.phpgroupware.org/index.phpnvdPatch
- www.vupen.com/english/advisories/2010/1145nvdPatchVendor Advisory
- secunia.com/advisories/39665nvdVendor Advisory
- secunia.com/advisories/39731nvdVendor Advisory
- www.vupen.com/english/advisories/2010/1146nvdVendor Advisory
- lists.gnu.org/archive/html/phpgroupware-users/2010-05/msg00004.htmlnvd
- www.debian.org/security/2010/dsa-2046nvd
- www.securityfocus.com/archive/1/511299/100/0/threadednvd
- www.securityfocus.com/bid/40167nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/58657nvd
News mentions
0No linked articles in our index yet.