eGroupware Multiple Input Validation Vulnerabilities

eGroupware is prone to multiple input-validation vulnerabilities, including:

1. A cross-site scripting vulnerability
2. An SQL-injection vulnerability
3. A local file-include vulnerability
4. A URI-redirection vulnerability

Exploiting these issues could allow an attacker to execute arbitrary script code and PHP code in the browser of an unsuspecting user in the context of the affected site, redirect users to a potentially malicious site, steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.


 

Privacy Statement
Copyright 2010, SecurityFocus