Detections
Analytics

eGroupWare < 1.6.003 Mutiple Vulnerabilities

high Nessus Network Monitor Plugin ID 5365

Synopsis

The remote web server is hosting an application that is vulnerable to multiple attack vectors.

Description

The remote web server is hosting eGroupWare, a web based groupware application written in PHP. The installed version is earlier than 1.6.003. Such versions are potentially affected by multiple vulnerabilities :

- A remote command execution vulnerability in the 'spellchecker_lang' and 'aspell_path' parameters of the 'spellchecker.php' script.

 - A cross-site scripting vulnerability in the 'lang' parameter of the 'login.php' script.

Solution

Upgrade to eGroupWare 1.6.003 or later.

See Also

http://www.egroupware.org/viewvc/egroupware?view=rev&revision=29422

http://www.egroupware.org/viewvc/egroupware?view=rev&revision=29423

http://www.egroupware.org/news?category_id=95&item=93

http://www.cybsec.com/vuln/cybsec_advisory_2010_0303_egroupware_.pdf

Plugin Details

Severity: High

ID: 5365

Family: CGI

Published: 3/18/2010

Updated: 3/6/2019

Nessus ID: 45023

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: High

Base Score: 7.3

Temporal Score: 6.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

Patch Publication Date: 3/9/2010

Vulnerability Publication Date: 3/9/2010

Reference Information

CVE: CVE-2010-3313

BID: 38609, 38794