Vulnerabilities > CVE-2004-0017 - Unspecified vulnerability in PHPgroupware 0.9.14

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN

Summary

Multiple SQL injection vulnerabilities in the (1) calendar and (2) infolog modules for phpgroupware 0.9.14 allow remote attackers to perform unauthorized database operations.

Vulnerable Configurations

Part Description Count
Application
Phpgroupware
1

Nessus

  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-419.NASL
    descriptionThe authors of phpgroupware, a web-based groupware system written in PHP, discovered several vulnerabilities. The Common Vulnerabilities and Exposures project identifies the following problems : - CAN-2004-0016 In the
    last seen2020-06-01
    modified2020-06-02
    plugin id15256
    published2004-09-29
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/15256
    titleDebian DSA-419-1 : phpgroupware - missing filename sanitising, SQL injection
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-419. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(15256);
      script_version("1.24");
      script_cvs_date("Date: 2019/08/02 13:32:17");
    
      script_cve_id("CVE-2004-0016", "CVE-2004-0017");
      script_bugtraq_id(9386, 9387);
      script_xref(name:"DSA", value:"419");
    
      script_name(english:"Debian DSA-419-1 : phpgroupware - missing filename sanitising, SQL injection");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The authors of phpgroupware, a web-based groupware system written in
    PHP, discovered several vulnerabilities. The Common Vulnerabilities
    and Exposures project identifies the following problems :
    
      - CAN-2004-0016
        In the 'calendar' module, 'save extension' was not
        enforced for holiday files. As a result, server-side php
        scripts may be placed in directories that then could be
        accessed remotely and cause the webserver to execute
        those. This was resolved by enforcing the extension
        '.txt' for holiday files.
    
      - CAN-2004-0017
    
        Some SQL injection problems (non-escaping of values used
        in SQL strings) the 'calendar' and 'infolog' modules.
    
    Additionally, the Debian maintainer adjusted the permissions on world
    writable directories that were accidentally created by former postinst
    during the installation."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.debian.org/security/2004/dsa-419"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the phpgroupware, phpgroupware-calendar and
    phpgroupware-infolog packages.
    
    For the stable distribution (woody) this problem has been fixed in
    version 0.9.14-0.RC3.2.woody3."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:phpgroupware");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2004/01/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29");
      script_set_attribute(attribute:"vuln_publication_date", value:"2003/10/21");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"3.0", prefix:"phpgroupware", reference:"0.9.14-0.RC3.2.woody3")) flag++;
    if (deb_check(release:"3.0", prefix:"phpgroupware-addressbook", reference:"0.9.14-0.RC3.2.woody3")) flag++;
    if (deb_check(release:"3.0", prefix:"phpgroupware-admin", reference:"0.9.14-0.RC3.2.woody3")) flag++;
    if (deb_check(release:"3.0", prefix:"phpgroupware-api", reference:"0.9.14-0.RC3.2.woody3")) flag++;
    if (deb_check(release:"3.0", prefix:"phpgroupware-api-doc", reference:"0.9.14-0.RC3.2.woody3")) flag++;
    if (deb_check(release:"3.0", prefix:"phpgroupware-bookkeeping", reference:"0.9.14-0.RC3.2.woody3")) flag++;
    if (deb_check(release:"3.0", prefix:"phpgroupware-bookmarks", reference:"0.9.14-0.RC3.2.woody3")) flag++;
    if (deb_check(release:"3.0", prefix:"phpgroupware-brewer", reference:"0.9.14-0.RC3.2.woody3")) flag++;
    if (deb_check(release:"3.0", prefix:"phpgroupware-calendar", reference:"0.9.14-0.RC3.2.woody3")) flag++;
    if (deb_check(release:"3.0", prefix:"phpgroupware-chat", reference:"0.9.14-0.RC3.2.woody3")) flag++;
    if (deb_check(release:"3.0", prefix:"phpgroupware-chora", reference:"0.9.14-0.RC3.2.woody3")) flag++;
    if (deb_check(release:"3.0", prefix:"phpgroupware-comic", reference:"0.9.14-0.RC3.2.woody3")) flag++;
    if (deb_check(release:"3.0", prefix:"phpgroupware-core", reference:"0.9.14-0.RC3.2.woody3")) flag++;
    if (deb_check(release:"3.0", prefix:"phpgroupware-core-doc", reference:"0.9.14-0.RC3.2.woody3")) flag++;
    if (deb_check(release:"3.0", prefix:"phpgroupware-developer-tools", reference:"0.9.14-0.RC3.2.woody3")) flag++;
    if (deb_check(release:"3.0", prefix:"phpgroupware-dj", reference:"0.9.14-0.RC3.2.woody3")) flag++;
    if (deb_check(release:"3.0", prefix:"phpgroupware-eldaptir", reference:"0.9.14-0.RC3.2.woody3")) flag++;
    if (deb_check(release:"3.0", prefix:"phpgroupware-email", reference:"0.9.14-0.RC3.2.woody3")) flag++;
    if (deb_check(release:"3.0", prefix:"phpgroupware-filemanager", reference:"0.9.14-0.RC3.2.woody3")) flag++;
    if (deb_check(release:"3.0", prefix:"phpgroupware-forum", reference:"0.9.14-0.RC3.2.woody3")) flag++;
    if (deb_check(release:"3.0", prefix:"phpgroupware-ftp", reference:"0.9.14-0.RC3.2.woody3")) flag++;
    if (deb_check(release:"3.0", prefix:"phpgroupware-headlines", reference:"0.9.14-0.RC3.2.woody3")) flag++;
    if (deb_check(release:"3.0", prefix:"phpgroupware-hr", reference:"0.9.14-0.RC3.2.woody3")) flag++;
    if (deb_check(release:"3.0", prefix:"phpgroupware-img", reference:"0.9.14-0.RC3.2.woody3")) flag++;
    if (deb_check(release:"3.0", prefix:"phpgroupware-infolog", reference:"0.9.14-0.RC3.2.woody3")) flag++;
    if (deb_check(release:"3.0", prefix:"phpgroupware-inv", reference:"0.9.14-0.RC3.2.woody3")) flag++;
    if (deb_check(release:"3.0", prefix:"phpgroupware-manual", reference:"0.9.14-0.RC3.2.woody3")) flag++;
    if (deb_check(release:"3.0", prefix:"phpgroupware-messenger", reference:"0.9.14-0.RC3.2.woody3")) flag++;
    if (deb_check(release:"3.0", prefix:"phpgroupware-napster", reference:"0.9.14-0.RC3.2.woody3")) flag++;
    if (deb_check(release:"3.0", prefix:"phpgroupware-news-admin", reference:"0.9.14-0.RC3.2.woody3")) flag++;
    if (deb_check(release:"3.0", prefix:"phpgroupware-nntp", reference:"0.9.14-0.RC3.2.woody3")) flag++;
    if (deb_check(release:"3.0", prefix:"phpgroupware-notes", reference:"0.9.14-0.RC3.2.woody3")) flag++;
    if (deb_check(release:"3.0", prefix:"phpgroupware-phonelog", reference:"0.9.14-0.RC3.2.woody3")) flag++;
    if (deb_check(release:"3.0", prefix:"phpgroupware-phpsysinfo", reference:"0.9.14-0.RC3.2.woody3")) flag++;
    if (deb_check(release:"3.0", prefix:"phpgroupware-phpwebhosting", reference:"0.9.14-0.RC3.2.woody3")) flag++;
    if (deb_check(release:"3.0", prefix:"phpgroupware-polls", reference:"0.9.14-0.RC3.2.woody3")) flag++;
    if (deb_check(release:"3.0", prefix:"phpgroupware-preferences", reference:"0.9.14-0.RC3.2.woody3")) flag++;
    if (deb_check(release:"3.0", prefix:"phpgroupware-projects", reference:"0.9.14-0.RC3.2.woody3")) flag++;
    if (deb_check(release:"3.0", prefix:"phpgroupware-registration", reference:"0.9.14-0.RC3.2.woody3")) flag++;
    if (deb_check(release:"3.0", prefix:"phpgroupware-setup", reference:"0.9.14-0.RC3.2.woody3")) flag++;
    if (deb_check(release:"3.0", prefix:"phpgroupware-skel", reference:"0.9.14-0.RC3.2.woody3")) flag++;
    if (deb_check(release:"3.0", prefix:"phpgroupware-soap", reference:"0.9.14-0.RC3.2.woody3")) flag++;
    if (deb_check(release:"3.0", prefix:"phpgroupware-stocks", reference:"0.9.14-0.RC3.2.woody3")) flag++;
    if (deb_check(release:"3.0", prefix:"phpgroupware-todo", reference:"0.9.14-0.RC3.2.woody3")) flag++;
    if (deb_check(release:"3.0", prefix:"phpgroupware-tts", reference:"0.9.14-0.RC3.2.woody3")) flag++;
    if (deb_check(release:"3.0", prefix:"phpgroupware-wap", reference:"0.9.14-0.RC3.2.woody3")) flag++;
    if (deb_check(release:"3.0", prefix:"phpgroupware-weather", reference:"0.9.14-0.RC3.2.woody3")) flag++;
    if (deb_check(release:"3.0", prefix:"phpgroupware-xmlrpc", reference:"0.9.14-0.RC3.2.woody3")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyCGI abuses
    NASL idPHPGROUPWARE_SQL_INJECTION.NASL
    descriptionThe remote host seems to be running PhpGroupWare, a multi-user groupware suite written in PHP. It has been reported that this version may be prone to multiple SQL injection vulnerabilities in the
    last seen2020-06-01
    modified2020-06-02
    plugin id14296
    published2004-08-17
    reporterThis script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/14296
    titlephpGroupWare Multiple Module SQL Injection
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
     script_id(14296);
     script_version("1.22");
    
     script_cve_id("CVE-2004-0017");
     script_bugtraq_id(9386);
    
     script_name(english:"phpGroupWare Multiple Module SQL Injection");
    
     script_set_attribute(attribute:"synopsis", value:
    "A remote web application is prone to multiple SQL injections." );
     script_set_attribute(attribute:"description", value:
    "The remote host seems to be running PhpGroupWare, a multi-user 
    groupware suite written in PHP.
    
    It has been reported that this version may be prone to multiple SQL 
    injection vulnerabilities in the 'calendar' and 'infolog' modules. 
    
    The problems exist due to insufficient sanitization of user-supplied 
    data. 
    
    A remote attacker may exploit these issues to influence SQL query logic
    to disclose sensitive information that could be used to gain 
    unauthorized access." );
     script_set_attribute(attribute:"solution", value:
    "Update to version 0.9.14.007 or newer." );
     script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
     script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
     script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
     script_set_attribute(attribute:"exploit_available", value:"false");
     script_set_attribute(attribute:"see_also", value:"https://www.phpgroupware.org/" );
    
     script_set_attribute(attribute:"plugin_publication_date", value: "2004/08/17");
     script_set_attribute(attribute:"vuln_publication_date", value: "2003/10/21");
     script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/12");
    script_set_attribute(attribute:"plugin_type", value:"remote");
    script_set_attribute(attribute:"cpe",value:"cpe:/a:phpgroupware:phpgroupware");
    script_end_attributes();
    
     
     script_summary(english:"Checks for PhpGroupWare version");
     
     script_category(ACT_ATTACK);
     
     script_copyright(english:"This script is Copyright (C) 2004-2020 Tenable Network Security, Inc.");
     script_family(english:"CGI abuses");
     script_dependencie("phpgroupware_detect.nasl");
     script_require_ports("Services/www", 80);
     exit(0);
    }
    
    #
    # The script code starts here
    #
    
    include("http_func.inc");
    
    port = get_http_port(default:80, embedded:TRUE);
    
    kb = get_kb_item("www/" + port + "/phpGroupWare");
    if ( ! kb ) exit(0);
    
    matches = eregmatch(pattern:"(.*) under (.*)", string:kb);
    
    if ( ereg(pattern:"^0\.([0-8]\.|9\.([0-9]\.|1[0-3]\.|14\.0*[0-6][^0-9]))", string:matches[1]) )
    {
    	security_hole(port);
    	set_kb_item(name: 'www/'+port+'/SQLInjection', value: TRUE);
    }