Phpgroupware
by PhpGroupWare
CVEs (27)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2004-0875 | 0.00 | — | 0.01 | Dec 23, 2004 | Multiple cross-site scripting (XSS) vulnerabilities in Phpgroupware (aka webdistro) 0.9.16.002 and earlier allow remote attackers to insert arbitrary HTML or web script, as demonstrated with a request to the wiki module. | ||
| CVE-2004-0017 | 0.00 | — | 0.01 | Feb 3, 2004 | Multiple SQL injection vulnerabilities in the (1) calendar and (2) infolog modules for phpgroupware 0.9.14 allow remote attackers to perform unauthorized database operations. | ||
| CVE-2004-0016 | 0.00 | — | 0.01 | Feb 3, 2004 | The calendar module for phpgroupware 0.9.14 does not enforce the "save extension" feature for holiday files, which allows remote attackers to create and execute PHP files. | ||
| CVE-2003-0599 | 0.00 | — | 0.00 | Aug 27, 2003 | Unknown vulnerability in the Virtual File System (VFS) capability for phpGroupWare 0.9.16preRC and versions before 0.9.14.004 with unknown implications, related to the VFS path being under the web document root. | ||
| CVE-2003-0657 | 0.00 | — | 0.00 | Aug 27, 2003 | Multiple SQL injection vulnerabilities in the infolog module for phpgroupware 0.9.14 and earlier could allow remote attackers to conduct unauthorized database actions. | ||
| CVE-2003-0504 | 0.00 | — | 0.00 | Aug 7, 2003 | Multiple cross-site scripting (XSS) vulnerabilities in Phpgroupware 0.9.14.003 (aka webdistro) allow remote attackers to insert arbitrary HTML or web script, as demonstrated with a request to index.php in the addressbook module. | ||
| CVE-2001-0043 | 0.00 | — | 0.02 | Feb 16, 2001 | phpGroupWare before 0.9.7 allows remote attackers to execute arbitrary PHP commands by specifying a malicious include file in the phpgw_info parameter of the phpgw.inc.php program. |
Page 2 of 2