Описание
SQL injection vulnerability in phpgwapi /inc/class.auth_sql.inc.php in phpGroupWare 0.9.16.12, and possibly other versions before 0.9.16.014, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the passwd parameter to login.php.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | ignored | end of life |
| devel | DNE | pulled 2010-07-27 |
| hardy | ignored | end of life |
| intrepid | ignored | end of life, was needed |
| jaunty | released | 1:0.9.16.012+dfsg-8+lenny1build0.9.04.1 |
| karmic | released | 1:0.9.16.012+dfsg-8+lenny1build0.9.10.1 |
| lucid | not-affected | 1:0.9.16.012+dfsg-10 |
| maverick | DNE | pulled 2010-07-27 |
| natty | DNE | pulled 2010-07-27 |
| oneiric | DNE | pulled 2010-07-27 |
Показывать по
Ссылки на источники
EPSS
6.8 Medium
CVSS2
Связанные уязвимости
SQL injection vulnerability in phpgwapi /inc/class.auth_sql.inc.php in phpGroupWare 0.9.16.12, and possibly other versions before 0.9.16.014, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the passwd parameter to login.php.
SQL injection vulnerability in phpgwapi /inc/class.auth_sql.inc.php in ...
SQL injection vulnerability in phpgwapi /inc/class.auth_sql.inc.php in phpGroupWare 0.9.16.12, and possibly other versions before 0.9.16.014, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the passwd parameter to login.php.
EPSS
6.8 Medium
CVSS2