oss-sec mailing list archives
CVE request: phpgroupware
From: Alex Legler <a3li () gentoo org>
Date: Wed, 12 Aug 2009 13:37:47 +0200
Hey, can I please get a CVE/CVEs for these issues: 1) Local file disclosure via the "csvfile" parameter to addressbook/csv_import.php 2) SQL injection via the "passwd" parameter to login.php -- requires magic_quotes_gpc=off 3) XSS via parameters starting with "phpgw_" in login.php 4) Local file inclusion and execution via the "conv_type" parameter to addressbook/inc/class.uiXport.inc.php All addressed in http://svn.savannah.gnu.org/viewvc?view=rev&root=phpgroupware&sortby=date&revision=19117 References: http://secunia.com/advisories/35519 http://www.securityfocus.com/bid/35761 http://xforce.iss.net/xforce/xfdb/51922 Thanks, Alex
Attachment:
signature.asc
Description:
Current thread:
- CVE request: phpgroupware Alex Legler (Aug 12)