Unrated severityNVD Advisory· Published May 19, 2010· Updated Apr 29, 2026
CVE-2010-0404
CVE-2010-0404
Description
Multiple SQL injection vulnerabilities in phpGroupWare (phpgw) before 0.9.16.016 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) class.sessions_db.inc.php, (2) class.translation_sql.inc.php, or (3) class.auth_sql.inc.php in phpgwapi/inc/.
Affected products
11cpe:2.3:a:phpgroupware:phpgroupware:*:*:*:*:*:*:*:*+ 10 more
- cpe:2.3:a:phpgroupware:phpgroupware:*:*:*:*:*:*:*:*range: <=0.9.16.015
- cpe:2.3:a:phpgroupware:phpgroupware:0.9.16:*:*:*:*:*:*:*
- cpe:2.3:a:phpgroupware:phpgroupware:0.9.16.000:*:*:*:*:*:*:*
- cpe:2.3:a:phpgroupware:phpgroupware:0.9.16.001:*:*:*:*:*:*:*
- cpe:2.3:a:phpgroupware:phpgroupware:0.9.16.002:*:*:*:*:*:*:*
- cpe:2.3:a:phpgroupware:phpgroupware:0.9.16.003:*:*:*:*:*:*:*
- cpe:2.3:a:phpgroupware:phpgroupware:0.9.16.005:*:*:*:*:*:*:*
- cpe:2.3:a:phpgroupware:phpgroupware:0.9.16.010:*:*:*:*:*:*:*
- cpe:2.3:a:phpgroupware:phpgroupware:0.9.16.011:*:*:*:*:*:*:*
- cpe:2.3:a:phpgroupware:phpgroupware:0.9.16.012:*:*:*:*:*:*:*
- cpe:2.3:a:phpgroupware:phpgroupware:0.9.16.014:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
9- download.phpgroupware.orgnvdPatchVendor Advisory
- forums.phpgroupware.org/index.phpnvdPatch
- lists.gnu.org/archive/html/phpgroupware-users/2010-05/msg00004.htmlnvdPatch
- secunia.com/advisories/39665nvdVendor Advisory
- secunia.com/advisories/39731nvdVendor Advisory
- www.vupen.com/english/advisories/2010/1145nvdVendor Advisory
- www.vupen.com/english/advisories/2010/1146nvdVendor Advisory
- www.debian.org/security/2010/dsa-2046nvd
- www.securityfocus.com/archive/1/511299/100/0/threadednvd
News mentions
0No linked articles in our index yet.