PHPGroupWare Multiple Module SQL Injection Vulnerabilities

It has been reported that PHPGroupWare may be prone to multiple SQL injection vulnerabilities in the 'calendar' and 'infolog' modules. The problems exist due to insufficient sanitization of user-supplied data. A remote attacker may exploit these issues to influence SQL query logic to disclose sensitive information that could be used to gain unauthorized access.

PHPGroupWare versions 0.9.14.006, 0.9.16 RC1, and prior may be prone to this issue.


 

Privacy Statement
Copyright 2010, SecurityFocus