Описание
phpGroupWare 0.9.16.003 and earlier allows remote attackers to gain sensitive information via (1) unexpected characters in the session ID such as shell metacharacters, (2) an invalid appname parameter to preferences.php or (3) an invalid menuaction parameter to index.php, which reveals the web server path in an error message.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | released | 0.9.16.010-1 |
| devel | released | 0.9.16.010-1 |
| edgy | released | 0.9.16.010-1 |
| feisty | released | 0.9.16.010-1 |
| upstream | needs-triage |
Показывать по
Ссылки на источники
5 Medium
CVSS2
Связанные уязвимости
phpGroupWare 0.9.16.003 and earlier allows remote attackers to gain sensitive information via (1) unexpected characters in the session ID such as shell metacharacters, (2) an invalid appname parameter to preferences.php or (3) an invalid menuaction parameter to index.php, which reveals the web server path in an error message.
phpGroupWare 0.9.16.003 and earlier allows remote attackers to gain se ...
phpGroupWare 0.9.16.003 and earlier allows remote attackers to gain sensitive information via (1) unexpected characters in the session ID such as shell metacharacters, (2) an invalid appname parameter to preferences.php or (3) an invalid menuaction parameter to index.php, which reveals the web server path in an error message.
5 Medium
CVSS2