PHPGroupWare Multiple XSS and SQL Injection Vulnerabilities
High Nessus Network Monitor Plugin ID 2457
SynopsisThe remote web server contains a script that is vulnerable to a SQL injection attack.
DescriptionThe remote host seems to be running PHPGroupWare, a groupware system implemented in PHP. This version is reported to be vulnerable to a cross-site scripting issue and a SQL injection vulnerability. An attacker may gain access to unauthorized information or may steal cookie-based authentication credentials from a legitimate user by sending the user a malformed link to this web site.
SolutionNo solution is known at this time.