1. CVE-Search
  2. CVE-2004-1383
ID CVE-2004-1383
Summary Multiple SQL injection vulnerabilities in phpGroupWare 0.9.16.003 and earlier allow remote attackers to execute arbitrary SQL statements via the (1) order, (2) project_id, (3) pro_main, or (4) hours_id parameters to index.php or (5) ticket_id to viewticket_details.php.
References
Vulnerable Configurations
  • cpe:2.3:a:phpgroupware:phpgroupware:0.9.12:*:*:*:*:*:*:*
    cpe:2.3:a:phpgroupware:phpgroupware:0.9.12:*:*:*:*:*:*:*
  • cpe:2.3:a:phpgroupware:phpgroupware:0.9.13:*:*:*:*:*:*:*
    cpe:2.3:a:phpgroupware:phpgroupware:0.9.13:*:*:*:*:*:*:*
  • cpe:2.3:a:phpgroupware:phpgroupware:0.9.14:*:*:*:*:*:*:*
    cpe:2.3:a:phpgroupware:phpgroupware:0.9.14:*:*:*:*:*:*:*
  • cpe:2.3:a:phpgroupware:phpgroupware:0.9.14.003:*:*:*:*:*:*:*
    cpe:2.3:a:phpgroupware:phpgroupware:0.9.14.003:*:*:*:*:*:*:*
  • cpe:2.3:a:phpgroupware:phpgroupware:0.9.14.005:*:*:*:*:*:*:*
    cpe:2.3:a:phpgroupware:phpgroupware:0.9.14.005:*:*:*:*:*:*:*
  • cpe:2.3:a:phpgroupware:phpgroupware:0.9.14.006:*:*:*:*:*:*:*
    cpe:2.3:a:phpgroupware:phpgroupware:0.9.14.006:*:*:*:*:*:*:*
  • cpe:2.3:a:phpgroupware:phpgroupware:0.9.14.007:*:*:*:*:*:*:*
    cpe:2.3:a:phpgroupware:phpgroupware:0.9.14.007:*:*:*:*:*:*:*
  • cpe:2.3:a:phpgroupware:phpgroupware:0.9.16.000:*:*:*:*:*:*:*
    cpe:2.3:a:phpgroupware:phpgroupware:0.9.16.000:*:*:*:*:*:*:*
  • cpe:2.3:a:phpgroupware:phpgroupware:0.9.16.002:*:*:*:*:*:*:*
    cpe:2.3:a:phpgroupware:phpgroupware:0.9.16.002:*:*:*:*:*:*:*
  • cpe:2.3:a:phpgroupware:phpgroupware:0.9.16.003:*:*:*:*:*:*:*
    cpe:2.3:a:phpgroupware:phpgroupware:0.9.16.003:*:*:*:*:*:*:*
  • cpe:2.3:a:phpgroupware:phpgroupware:0.9.16_rc1:*:*:*:*:*:*:*
    cpe:2.3:a:phpgroupware:phpgroupware:0.9.16_rc1:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 11-07-2017 - 01:30)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 11952
bugtraq 20041215 Multiple phpGroupWare Vulnerabilities [ phpGroupWare 0.9.16.003 && Earlier ]
gentoo GLSA-200501-08
misc http://www.gulftech.org/?node=research&article_id=00054-12142004
xf phpgroupware-projectid-sql-injection(18498)
Last major update 11-07-2017 - 01:30
Published 31-12-2004 - 05:00
Last modified 11-07-2017 - 01:30
Back to Top