VYPR

Packagist (Composer) package

egroupware/egroupware

pkg:composer/egroupware/egroupware

Vulnerabilities (4)

  • CVE-2026-22243, Jan 28, 2026
    affected < 23.1.20260113, fixed 23.1.20260113

    EGroupware is a Web based groupware server written in PHP. A SQL Injection vulnerability exists in the core components of EGroupware prior to versions 23.1.20260113 and 26.0.20260113, specifically in the `Nextmatch` filter processing. The flaw allows authenticated attackers to in

  • CVE-2024-40614, Jul 7, 2024
    affected < 23.1.20240624, fixed 23.1.20240624

    EGroupware before 23.1.20240624 mishandles an ORDER BY clause. This leads to json.php?menuaction=EGroupware\Api\Etemplate\Widget\Nextmatch::ajax_get_rows sort.id SQL injection by authenticated users for Address Book or InfoLog sorting.

  • CVE-2017-14920, Med, Sep 30, 2017
    affected < 16.1.20170922, fixed 16.1.20170922

    Stored XSS vulnerability in eGroupware Community Edition before 16.1.20170922 allows an unauthenticated remote attacker to inject JavaScript via the User-Agent HTTP header, which is mishandled during rendering by the application administrator.

  • CVE-2010-3313, Sep 22, 2010
    affected < 1.6.003, fixed 1.6.003

    phpgwapi/js/fckeditor/editor/dialog/fck_spellerpages/spellerpages/serverscripts/spellchecker.php in EGroupware 1.4.001+.002; 1.6.001+.002 and possibly other versions before 1.6.003; and EPL 9.1 before 9.1.20100309 and 9.2 before 9.2.20100309; allows remote attackers to execute ar