Mandriva Linux Security Advisory : egroupware (MDVSA-2015:087)
High Nessus Plugin ID 82340
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionUpdated egroupware packages fix security vulnerabilities :
eGroupware prior to 1.8.006.20140217 is vulnerable to remote file deletion and possible remote code execution due to user input being passed to PHP's unserialize() method (CVE-2014-2027).
eGroupWare before 1.8.007 allows logged in users with administrative priviledges to remotely execute arbitrary commands on the server. It is also vulnerable to a cross site request forgery vulnerability that allows creating new administrative users.
SolutionUpdate the affected packages.