phpGroupWare 0.9.16.003 and earlier allows remote attackers to gain sensitive information via (1) unexpected characters in the session ID such as shell metacharacters, (2) an invalid appname parameter to preferences.php or (3) an invalid menuaction parameter to index.php, which reveals the web server path in an error message.
References
Configurations
Configuration 1 (hide)
|
History
20 Nov 2024, 23:50
Type | Values Removed | Values Added |
---|---|---|
References | () http://marc.info/?l=bugtraq&m=110312656029072&w=2 - | |
References | () http://www.gentoo.org/security/en/glsa/glsa-200501-08.xml - Patch | |
References | () http://www.gulftech.org/?node=research&article_id=00054-12142004 - Exploit | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/18497 - |
Information
Published : 2004-12-31 05:00
Updated : 2024-11-20 23:50
NVD link : CVE-2004-1385
Mitre link : CVE-2004-1385
CVE.ORG link : CVE-2004-1385
JSON object : View
Products Affected
phpgroupware
- phpgroupware
CWE