DSA-2046-1 phpgroupware -- severalID: oval:org.secpod.oval:def:600011 | Date: (C)2011-01-28 (M)2022-10-10 |
Class: PATCH | Family: unix |
Several remote vulnerabilities have been discovered in phpgroupware, a Web based groupware system written in PHP. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-0403 A local file inclusion vulnerability allows remote attackers to execute arbitrary PHP code and include arbitrary local files. CVE-2010-0404 Multiple SQL injection vulnerabilities allows remote attackers to execute arbitrary SQL commands. For the stable distribution , these problems have been fixed in version 1:0.9.16.012+dfsg-8+lenny2 For the testing distribution and the unstable distribution , these problems will be fixed soon. We recommend that you upgrade your phpgroupware package.