oss-sec mailing list archives

CVE request: phpgroupware


From: Alex Legler <a3li () gentoo org>
Date: Wed, 12 Aug 2009 13:37:47 +0200

Hey,

can I please get a CVE/CVEs for these issues:

1) Local file disclosure via the "csvfile" parameter to
addressbook/csv_import.php

2) SQL injection via the "passwd" parameter to login.php -- requires
magic_quotes_gpc=off

3) XSS via parameters starting with "phpgw_" in login.php

4) Local file inclusion and execution via the "conv_type" parameter to
addressbook/inc/class.uiXport.inc.php

All addressed in
http://svn.savannah.gnu.org/viewvc?view=rev&root=phpgroupware&sortby=date&revision=19117

References:
http://secunia.com/advisories/35519
http://www.securityfocus.com/bid/35761
http://xforce.iss.net/xforce/xfdb/51922

Thanks,
Alex
