SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Forum/Board/Portal)  >   phpGroupWare Vendors:   phpGroupWare.org
phpGroupWare Unspecified Bug Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1007276
SecurityTracker URL:  http://securitytracker.com/id/1007276
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Jul 23 2003
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 0.9.14.006
Description:   A vulnerability was reported in phpGroupWare. A remote user can execute arbitrary code on the target system.

It is reported that a remote user can, without authentication, exploit an unspecified flaw that can lead to arbitrary code execution. The code will run with the privileges of the target web server. No further details were provided.

An analysis of code changes suggests that the flaw may be an input validation flaw in 'chat/messages.php'.

A report by Mandrake indicates that this vulnerability is being actively exploited.

Impact:   A remote user can execute arbitrary code on the target system with the privileges of the web server.
Solution:   The vendor has released a fixed version (0.9.14.006), available at:

http://www.phpgroupware.org/downloads/

Vendor URL:  www.phpgroupware.org/ (Links to External Site)
Cause:   Not specified
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Jul 23 2003 (Mandrake Issues Fix) phpGroupWare Unspecified Bug Lets Remote Users Execute Arbitrary Code
Mandrake has released a fix.



 Source Message Contents

Subject:  phpGroupWare 0.9.14.006


http://www.phpgroupware.org/

 > phpGroupWare 0.9.14.006 - Security and Bug Fix Release
 >
 > This release fixes a just discovered exploit in phpGroupWare.
 > The exploit works for ALL branches !!!




 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC