 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.108066 |
| Category: | Web application abuses |
| Title: | EGroupware Multiple Vulnerabilities (Feb 2017) |
| Summary: | EGroupware is prone to multiple cross-site request forgery; (CSRF) and remote PHP code execution vulnerabilities. |
| Description: | Summary: EGroupware is prone to multiple cross-site request forgery (CSRF) and remote PHP code execution vulnerabilities. Vulnerability Impact: Successfully exploiting these issues will allow attackers to execute arbitrary code within the context of the application. Affected Software/OS: EGroupware Enterprise Line (EPL) before version 11.1.20140505, EGroupware Community Edition before version 1.8.007.20140506 and EGroupware before version 14.1 beta. Solution: Update to version 11.1.20140505 (EPL), 1.8.007.20140506 (Community Edition), 14.1 beta or later. CVSS Score: 8.5 CVSS Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2014-2987 Bugtraq: 20140514 CSRF and Remote Code Execution in EGroupware (Google Search) http://www.securityfocus.com/archive/1/532103/100/0/threaded http://www.mandriva.com/security/advisories?name=MDVSA-2015:087 https://www.htbridge.com/advisory/HTB23212 http://secunia.com/advisories/58346 Common Vulnerability Exposure (CVE) ID: CVE-2014-2988 |
| Copyright | Copyright (C) 2017 Greenbone AG |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |