• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

eGroupWare Unspecified Arbitrary File Upload Vulnerability

eGroupWare is prone to a vulnerability that lets attackers upload arbitrary files. The issue stems from an unspecified error related to FCKEditor.

An attacker can exploit this vulnerability to upload files and execute arbitrary PHP script code in the context of the webserver process. This may aid in further attacks.

NOTE: This issue may be related to the FCKeditor vulnerability described in BID 25829. We will update this BID as more information emerges.

This issue affects versions prior to eGroupWare 1.4.004.