icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

PHPGroupWare < 0.9.16.016 Multiple Vulnerabilities

High

Synopsis

The remote host is vulnerable to a SQL Injection attack

Description

The remote host appears to be running PHPGroupWare, a groupware system implemented in PHP.

This version is reported to be vulnerable to a SQL injection flaw. An attacker, exploiting this flaw, would be able to execute arbitrary SQL commands against the database server. In addition, there is a local 'file-include' vulnerability which would allow a valid user the ability to modify the integrity of files used by the web server.

Solution

Upgrade to PHPGroupWare 0.9.16.016 or higher.