icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

eGroupWare < 1.6.003 Mutiple Vulnerabilities

High

Synopsis

The remote web server is hosting an application that is vulnerable to multiple attack vectors.

Description

The remote web server is hosting eGroupWare, a web based groupware application written in PHP. The installed version is earlier than 1.6.003. Such versions are potentially affected by multiple vulnerabilities :

- A remote command execution vulnerability in the 'spellchecker_lang' and 'aspell_path' parameters of the 'spellchecker.php' script.

- A cross-site scripting vulnerability in the 'lang' parameter of the 'login.php' script.

Solution

Upgrade to eGroupWare 1.6.003 or later.