Phpgroupware : Security Vulnerabilities, CVEs, (Sql injection)
Multiple SQL injection vulnerabilities in phpGroupWare (phpgw) before 0.9.16.016 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) class.sessions_db.inc.php, (2) class.translation_sql.inc.php, or (3) class.auth_sql.inc.php in phpgwapi/inc/.
Max CVSS
7.5
EPSS Score
0.45%
Published
2010-05-19
Updated
2018-10-10
SQL injection vulnerability in phpgwapi /inc/class.auth_sql.inc.php in phpGroupWare 0.9.16.12, and possibly other versions before 0.9.16.014, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the passwd parameter to login.php.
Max CVSS
6.8
EPSS Score
0.36%
Published
2009-12-24
Updated
2017-08-17
Multiple SQL injection vulnerabilities in phpGroupWare 0.9.16.003 and earlier allow remote attackers to execute arbitrary SQL statements via the (1) order, (2) project_id, (3) pro_main, or (4) hours_id parameters to index.php or (5) ticket_id to viewticket_details.php.
Max CVSS
7.5
EPSS Score
0.50%
Published
2004-12-31
Updated
2017-07-11
Multiple SQL injection vulnerabilities in the (1) calendar and (2) infolog modules for phpgroupware 0.9.14 allow remote attackers to perform unauthorized database operations.
Max CVSS
7.5
EPSS Score
0.20%
Published
2004-02-03
Updated
2008-09-05
Multiple SQL injection vulnerabilities in the infolog module for phpgroupware 0.9.14 and earlier could allow remote attackers to conduct unauthorized database actions.
Max CVSS
7.5
EPSS Score
0.10%
Published
2003-08-27
Updated
2008-09-05
PHPGroupware 0.9.12 and earlier, when running with the magic_quotes_gpc feature disabled, allows remote attackers to compromise the database via a SQL injection attack.
Max CVSS
7.5
EPSS Score
0.45%
Published
2002-07-03
Updated
2008-09-05
6 vulnerabilities found