| Vulnerability Name: | CVE-2004-1383 (CCN-18498) | ||||||||
| Assigned: | 2004-12-15 | ||||||||
| Published: | 2004-12-15 | ||||||||
| Updated: | 2017-07-11 | ||||||||
| Summary: | Multiple SQL injection vulnerabilities in phpGroupWare 0.9.16.003 and earlier allow remote attackers to execute arbitrary SQL statements via the (1) order, (2) project_id, (3) pro_main, or (4) hours_id parameters to index.php or (5) ticket_id to viewticket_details.php. | ||||||||
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Data Manipulation | ||||||||
| References: | Source: CCN Type: BugTraq Mailing List, Tue Dec 14 2004 - 21:15:17 CST Multiple phpGroupWare Vulnerabilities [ phpGroupWare 0.9.16.003 && Earlier ] Source: MITRE Type: CNA CVE-2004-1383 Source: BUGTRAQ Type: UNKNOWN 20041215 Multiple phpGroupWare Vulnerabilities [ phpGroupWare 0.9.16.003 && Earlier ] Source: CCN Type: GLSA-200501-08 phpGroupWare: Various vulnerabilities Source: GENTOO Type: Patch GLSA-200501-08 Source: MISC Type: Exploit http://www.gulftech.org/?node=research&article_id=00054-12142004 Source: CCN Type: OSVDB ID: 12395 phpGroupWare viewticket_details.php ticket_id Parameter SQL Injection Source: BID Type: Exploit, Patch 11952 Source: CCN Type: BID-11952 PHPGroupWare Multiple Cross-Site Scripting and SQL Injection Vulnerabilities Source: XF Type: UNKNOWN phpgroupware-projectid-sql-injection(18498) Source: XF Type: UNKNOWN phpgroupware-projectid-sql-injection(18498) | ||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||
| BACK | |||||||||