SecurityTracker.com

SecurityTracker
Archives


 
Category:   Application (Forum/Board/Portal)  >   phpGroupWare
Vendors:   phpGroupWare.org
phpGroupWare Flaws Allow SQL Injection and PHP File Uploading
SecurityTracker Alert ID:  1008662
SecurityTracker URL:  http://securitytracker.com/id/1008662
CVE Reference:   CVE-2004-0016, CVE-2004-0017
Updated:  Jul 6 2008
Original Entry Date:  Jan 9 2004
Impact:   Execution of arbitrary code via network, Modification of user information, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): prior to 0.9.14.007
Description:   Some vulnerabilities were reported in phpGroupWare. A remote user may be able to inject SQL commands. A remote authenticated user may be able to upload PHP scripts and execute them on the target server.

It is reported that the 'calendar' and 'infolog' modules do not properly escape user-supplied input [CVE-2004-0017]. A remote user may be able to supply a specially crafted request to execute SQL queries on the underlying database.

It is also reported that the 'calendar' module allows a remote authenticated user to upload holiday files containing PHP code that can later be remotely executed. The 'save extension' is reportedly not properly enforced [CVE-2004-0016]. The PHP code will execute with the privileges of the target web service.

Impact:   A remote user can inject SQL commands to be executed by the underlying database.

A remote authenticated user can upload PHP files and then execute the files with the privileges of the target web service.

Solution:   The vendor released a fixed version (0.9.14.007) in October 2003, available at:

http://phpgroupware.org/downloads

Vendor URL:  www.phpgroupware.org/
Cause:   Input validation error
Underlying OS:   Linux (Any), UNIX (Any), Windows (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Jan 9 2004 (Debian Issues Fix) phpGroupWare Flaws Allow SQL Injection and PHP File Uploading   (joey@infodrom.org (Martin Schulze))
Debian has released a fix.



Source Message Contents

Date:  Fri, 09 Jan 2004 09:52:13 -0500
Subject:  CVE: CAN-2004-0016 CAN-2004-0017


CVE: CAN-2004-0016 CAN-2004-0017

Some vulnerabilities have been reported in phpGroupWare, as reported by Debian:

 > CAN-2004-0016
 >
 >   In the "calendar" module, "save extension" was not enforced for
 >   holiday files.  As a result, server-side php scripts may be placed
 >   in directories that then could be accessed remotely and cause the
 >   webserver to execute those.  This was resolved by enforcing the
 >   extension ".txt" for holiday files.
 >
 > CAN-2004-0017
 >
 >   Some SQL injection problems (non-escaping of values used in SQL
 >   strings) in the "calendar" and "infolog" modules.
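The two defects above (the unenforced holiday-file extension and values interpolated unescaped into SQL strings) illustrated as an added example. This is not phpGroupWare's code or its fix; the directory, table and column names are assumptions, and each vulnerable pattern is shown beside a hardened form that applies the vendor's stated approach of forcing the ".txt" extension and keeping user input out of SQL text.

```php
<?php
// Added example, not phpGroupWare code. Directory, table and column names
// below are assumptions for illustration.

// --- CAN-2004-0016: holiday file upload ------------------------------------
// Vulnerable pattern: the caller's file name decides the extension, so a name
// ending in ".php" written under the web root is later run by the web server.
function save_holiday_file_vulnerable(string $dir, string $name, string $data): string
{
    $path = $dir . '/' . $name;            // no extension or path check
    file_put_contents($path, $data);
    return $path;
}

// Hardened form: drop any directory component and any client-supplied
// extension, allow only a conservative character set, and force ".txt".
function holiday_file_name(string $name): string
{
    $base = basename($name);                        // removes "../" and slashes
    $base = preg_replace('/\.[^.]*$/', '', $base);  // removes ".php", ".txt", ...
    if (!preg_match('/^[A-Za-z0-9_-]{1,64}$/', $base)) {
        throw new InvalidArgumentException('invalid holiday file name');
    }
    return $base . '.txt';                          // extension enforced server-side
}

function save_holiday_file(string $dir, string $name, string $data): string
{
    $path = $dir . '/' . holiday_file_name($name);
    file_put_contents($path, $data);
    return $path;
}

// --- CAN-2004-0017: values concatenated into SQL strings -------------------
// Vulnerable pattern: $owner becomes part of the SQL text without escaping.
function calendar_events_vulnerable(PDO $db, string $owner): array
{
    $sql = "SELECT cal_id FROM calendar_events WHERE cal_owner = '" . $owner . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened form: the value is bound as a parameter and is never parsed as SQL.
function calendar_events(PDO $db, string $owner): array
{
    $stmt = $db->prepare('SELECT cal_id FROM calendar_events WHERE cal_owner = :owner');
    $stmt->execute([':owner' => $owner]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}
```

With the hardened functions, a request naming the file `us.php` is stored as `us.txt`, and a name such as `../x` or `.htaccess` is rejected rather than written.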



Copyright 2014, SecurityGlobal.net LLC