QwikSec

Security Database

CVE

CWE

Training

CVE-2010-0404

Published: May 18, 2010

Modified: Aug 7, 2024

PUBLISHED

Description

Multiple SQL injection vulnerabilities in phpGroupWare (phpgw) before 0.9.16.016 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) class.sessions_db.inc.php, (2) class.translation_sql.inc.php, or (3) class.auth_sql.inc.php in phpgwapi/inc/.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_VUPEN

vdb-entry

x_refsource_VUPEN

http://download.phpgroupware.org/

x_refsource_CONFIRM

[phpgroupware-users] 20100512 Phpgroupware security release 0.9.16.016

mailing-list

x_refsource_MLIST

http://forums.phpgroupware.org/index.php?t=msg&th=98662&start=0&rid=0

x_refsource_CONFIRM

20100514 phpGroupWare SQL Injections and Local File Inclusion Vulnerabilities (CVE-2010-0403 and CVE-2010-0404)

mailing-list

x_refsource_BUGTRAQ

third-party-advisory

x_refsource_SECUNIA

vendor-advisory

x_refsource_DEBIAN

third-party-advisory

x_refsource_SECUNIA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.