Vulnerability Description
Multiple SQL injection vulnerabilities in phpGroupWare (phpgw) before 0.9.16.016 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) class.sessions_db.inc.php, (2) class.translation_sql.inc.php, or (3) class.auth_sql.inc.php in phpgwapi/inc/.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Phpgroupware | Phpgroupware | <= 0.9.16.015 |
Related Weaknesses (CWE)
References
- http://download.phpgroupware.org/PatchVendor Advisory
- http://forums.phpgroupware.org/index.php?t=msg&th=98662&start=0&rid=0Patch
- http://lists.gnu.org/archive/html/phpgroupware-users/2010-05/msg00004.htmlPatch
- http://secunia.com/advisories/39665Vendor Advisory
- http://secunia.com/advisories/39731Vendor Advisory
- http://www.debian.org/security/2010/dsa-2046
- http://www.securityfocus.com/archive/1/511299/100/0/threaded
- http://www.vupen.com/english/advisories/2010/1145Vendor Advisory
- http://www.vupen.com/english/advisories/2010/1146Vendor Advisory
- http://download.phpgroupware.org/PatchVendor Advisory
- http://forums.phpgroupware.org/index.php?t=msg&th=98662&start=0&rid=0Patch
- http://lists.gnu.org/archive/html/phpgroupware-users/2010-05/msg00004.htmlPatch
- http://secunia.com/advisories/39665Vendor Advisory
- http://secunia.com/advisories/39731Vendor Advisory
- http://www.debian.org/security/2010/dsa-2046
FAQ
What is CVE-2010-0404?
CVE-2010-0404 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple SQL injection vulnerabilities in phpGroupWare (phpgw) before 0.9.16.016 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) class.sessions_db.inc.php, (...
How severe is CVE-2010-0404?
CVE-2010-0404 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-0404?
Check the references section above for vendor advisories and patch information. Affected products include: Phpgroupware Phpgroupware.