eGroupWare < 1.6.003 Multiple Vulnerabilities

High Nessus Network Monitor Plugin ID 5365


The remote web server is hosting an application that is vulnerable to multiple attack vectors.


The remote web server is hosting eGroupWare, a web-based groupware application written in PHP. The installed version is earlier than 1.6.003. Such versions are potentially affected by multiple vulnerabilities:

- A remote command execution vulnerability in the 'spellchecker_lang' and 'aspell_path' parameters of the 'spellchecker.php' script.

- A cross-site scripting vulnerability in the 'lang' parameter of the 'login.php' script.


Upgrade to eGroupWare 1.6.003 or later.

See Also;revision=29422;revision=29423;item=93

Plugin Details

Severity: High

ID: 5365

File Name: 5365.prm

Family: CGI

Published: 2010/03/18

Modified: 2016/01/15

Dependencies: 1442

Nessus ID: 45023

Risk Information

Risk Factor: High


CVSS v2

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:C


CVSS v3

Base Score: 7.3

Temporal Score: 6.8


Temporal Vector: CVSS3#E:F/RL:O/RC:C

Vulnerability Information

Patch Publication Date: 2010/03/09

Vulnerability Publication Date: 2010/03/09

Reference Information

BID: 38609, 38794

OSVDB: 62805