CVE-2004-1385

phpGroupWare 0.9.16.003 and earlier allows remote attackers to gain sensitive information via (1) unexpected characters in the session ID such as shell metacharacters, (2) an invalid appname parameter to preferences.php or (3) an invalid menuaction parameter to index.php, which reveals the web server path in an error message.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:phpgroupware:phpgroupware:0.9.12:*:*:*:*:*:*:*
cpe:2.3:a:phpgroupware:phpgroupware:0.9.13:*:*:*:*:*:*:*
cpe:2.3:a:phpgroupware:phpgroupware:0.9.14:*:*:*:*:*:*:*
cpe:2.3:a:phpgroupware:phpgroupware:0.9.14.003:*:*:*:*:*:*:*
cpe:2.3:a:phpgroupware:phpgroupware:0.9.14.005:*:*:*:*:*:*:*
cpe:2.3:a:phpgroupware:phpgroupware:0.9.14.006:*:*:*:*:*:*:*
cpe:2.3:a:phpgroupware:phpgroupware:0.9.14.007:*:*:*:*:*:*:*
cpe:2.3:a:phpgroupware:phpgroupware:0.9.16.000:*:*:*:*:*:*:*
cpe:2.3:a:phpgroupware:phpgroupware:0.9.16.002:*:*:*:*:*:*:*
cpe:2.3:a:phpgroupware:phpgroupware:0.9.16.003:*:*:*:*:*:*:*
cpe:2.3:a:phpgroupware:phpgroupware:0.9.16_rc1:*:*:*:*:*:*:*

History

20 Nov 2024, 23:50

Type Values Removed Values Added
References () http://marc.info/?l=bugtraq&m=110312656029072&w=2 - () http://marc.info/?l=bugtraq&m=110312656029072&w=2 -
References () http://www.gentoo.org/security/en/glsa/glsa-200501-08.xml - Patch () http://www.gentoo.org/security/en/glsa/glsa-200501-08.xml - Patch
References () http://www.gulftech.org/?node=research&article_id=00054-12142004 - Exploit () http://www.gulftech.org/?node=research&article_id=00054-12142004 - Exploit
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/18497 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/18497 -

Information

Published : 2004-12-31 05:00

Updated : 2024-11-20 23:50


NVD link : CVE-2004-1385

Mitre link : CVE-2004-1385

CVE.ORG link : CVE-2004-1385


JSON object : View

Products Affected

phpgroupware

  • phpgroupware