Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

PHPGroupWare Multiple XSS and SQL Injection Vulnerabilities

High

Synopsis

The remote web server contains a script that is vulnerable to a SQL injection attack.

Description

The remote host seems to be running PHPGroupWare, a groupware system implemented in PHP. This version is reported to be vulnerable to a cross-site scripting issue and a SQL injection vulnerability. An attacker may gain access to unauthorized information or may steal cookie-based authentication credentials from a legitimate user by sending the user a malformed link to this web site.

Solution

No solution is known at this time.