Количество 3
Количество 3
CVE-2026-22243
EGroupware is a Web based groupware server written in PHP. A SQL Injection vulnerability exists in the core components of EGroupware prior to versions 23.1.20260113 and 26.0.20260113, specifically in the `Nextmatch` filter processing. The flaw allows authenticated attackers to inject arbitrary SQL commands into the `WHERE` clause of database queries. This is achieved by exploiting a PHP type juggling issue where JSON decoding converts numeric strings into integers, bypassing the `is_int()` security check used by the application. Versions 23.1.20260113 and 26.0.20260113 patch the vulnerability.
CVE-2026-22243
EGroupware is a Web based groupware server written in PHP. A SQL Injec ...
GHSA-rvxj-7f72-mhrx
EGroupware has SQL Injection in Nextmatch Filter Processing
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2026-22243 EGroupware is a Web based groupware server written in PHP. A SQL Injection vulnerability exists in the core components of EGroupware prior to versions 23.1.20260113 and 26.0.20260113, specifically in the `Nextmatch` filter processing. The flaw allows authenticated attackers to inject arbitrary SQL commands into the `WHERE` clause of database queries. This is achieved by exploiting a PHP type juggling issue where JSON decoding converts numeric strings into integers, bypassing the `is_int()` security check used by the application. Versions 23.1.20260113 and 26.0.20260113 patch the vulnerability. | 0% Низкий | 11 дней назад | |
| CVE-2026-22243 EGroupware is a Web based groupware server written in PHP. A SQL Injec ... | 0% Низкий | 11 дней назад | |
| GHSA-rvxj-7f72-mhrx EGroupware has SQL Injection in Nextmatch Filter Processing | 0% Низкий | 11 дней назад |
Уязвимостей на страницу