Mandriva Linux Security Advisory : egroupware (MDVSA-2014:104)
Medium Nessus Plugin ID 74082
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionUpdated egroupware packages fix security vulnerabilities :
eGroupWare before 1.8.007 allows logged in users with administrative priviledges to remotely execute arbitrary commands on the server. It is also vulnerable to a cross site request forgery vulnerability that allows creating new administrative users.
SolutionUpdate the affected packages.