phpGroupWare Calendar Module Holiday File Save Extension Feature Arbitrary File Execution

High (Nessus Plugin ID 14295)

Synopsis

Arbitrary code may be run on the remote host.

Description

It has been reported that the version of phpGroupWare hosted on the remote web server may be affected by a vulnerability that allows remote attackers to upload scripts and then execute them on the affected system.

Solution

Update to version 0.9.14.007 or later.

See Also

https://www.phpgroupware.org/

Plugin Details

Severity: High

ID: 14295

File Name: phpgroupware_server_side_exec_vuln.nasl

Version: 1.23

Type: remote

Family: CGI abuses

Published: 8/17/2004

Updated: 6/4/2024

Configuration: Enable thorough checks

Supported Sensors: Nessus

Enable CGI Scanning: true

Risk Information

VPR

Risk Factor: Medium

Score: 5.3

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:phpgroupware:phpgroupware

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Vulnerability Publication Date: 1/9/2004

Reference Information

CVE: CVE-2004-0016

BID: 9387