CVE-2004-1385 - Unspecified vulnerability in phpGroupWare
Attack vector | UNKNOWN |
Attack complexity | UNKNOWN |
Privileges required | UNKNOWN |
Confidentiality impact | UNKNOWN |
Integrity impact | UNKNOWN |
Availability impact | UNKNOWN |
Summary
phpGroupWare 0.9.16.003 and earlier allows remote attackers to gain sensitive information via (1) unexpected characters in the session ID such as shell metacharacters, (2) an invalid appname parameter to preferences.php or (3) an invalid menuaction parameter to index.php, which reveals the web server path in an error message.
Vulnerable Configurations
Exploit-Db
description | phpGroupWare 0.9.x index.php Multiple Parameter SQL Injection. CVE-2004-1385. Webapps exploit for php platform |
id | EDB-ID:24847 |
last seen | 2016-02-03 |
modified | 2004-12-15 |
published | 2004-12-15 |
reporter | James Bercegay |
source | https://www.exploit-db.com/download/24847/ |
title | phpGroupWare 0.9.x index.php Multiple Parameter SQL Injection |
Nessus
NASL family | Gentoo Local Security Checks |
NASL id | GENTOO_GLSA-200501-08.NASL |
description | The remote host is affected by the vulnerability described in GLSA-200501-08 (phpGroupWare: Various vulnerabilities) Several flaws were discovered in phpGroupWare making it vulnerable to cross-site scripting attacks, SQL injection, and full path disclosure. Impact : These vulnerabilities could allow an attacker to perform cross-site scripting attacks, execute SQL queries, and disclose the full path of the web directory. Workaround : There is no known workaround at this time. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 16399 |
published | 2005-02-14 |
reporter | This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/16399 |
title | GLSA-200501-08 : phpGroupWare: Various vulnerabilities |
code |

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 200501-08.
#
# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include("compat.inc");

if (description)
{
  script_id(16399);
  script_version("1.16");
  script_cvs_date("Date: 2019/08/02 13:32:42");

  script_cve_id("CVE-2004-1383", "CVE-2004-1384", "CVE-2004-1385");
  script_xref(name:"GLSA", value:"200501-08");

  script_name(english:"GLSA-200501-08 : phpGroupWare: Various vulnerabilities");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Gentoo host is missing one or more security-related patches."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The remote host is affected by the vulnerability described in GLSA-200501-08
(phpGroupWare: Various vulnerabilities)

    Several flaws were discovered in phpGroupWare making it vulnerable to
    cross-site scripting attacks, SQL injection, and full path disclosure.

Impact :

    These vulnerabilities could allow an attacker to perform cross-site
    scripting attacks, execute SQL queries, and disclose the full path of
    the web directory.

Workaround :

    There is no known workaround at this time."
  );
  # http://www.securityfocus.com/archive/1/384492
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.securityfocus.com/archive/1/384492"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/200501-08"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"All phpGroupWare users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose '>=www-apps/phpgroupware-0.9.16.004'
    Note: Users with the vhosts USE flag set should manually use
    webapp-config to finalize the update."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:phpgroupware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2005/01/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2005/02/14");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;

if (qpkg_check(package:"www-apps/phpgroupware", unaffected:make_list("ge 0.9.16.004"), vulnerable:make_list("lt 0.9.16.004"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "phpGroupWare");
}
```

NASL family | CGI abuses |
NASL id | PHPGROUPWARE_XSS_AND_SQL.NASL |
description | The remote host seems to be running PhpGroupWare, a multi-user groupware suite written in PHP. The remote version of this software is vulnerable to multiple issues : - A cross-site scripting issue may allow an attacker to steal the credentials of third-party users of the remote host. (CVE-2004-1384) - A SQL injection vulnerability may allow an attacker to execute arbitrary SQL statements against the remote database. (CVE-2004-1383) - An information disclosure vulnerability exists that is triggered when a specially crafted URL request is sent to the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 15983 |
published | 2004-12-16 |
reporter | This script is Copyright (C) 2004-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/15983 |
title | phpGroupWare <= 0.9.16.003 Multiple Vulnerabilities |
code |

```
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if(description)
{
 script_id(15983);
 script_version ("1.19");

 script_cve_id("CVE-2004-1383", "CVE-2004-1384", "CVE-2004-1385");
 script_bugtraq_id(11952);

 script_name(english:"phpGroupWare <= 0.9.16.003 Multiple Vulnerabilities");

 script_set_attribute(attribute:"synopsis", value:
"A remote web application is vulnerable to several flaws." );
 script_set_attribute(attribute:"description", value:
"The remote host seems to be running PhpGroupWare, a multi-user
groupware suite written in PHP.

The remote version of this software is vulnerable to multiple issues :

  - A cross-site scripting issue may allow an attacker to
    steal the credentials of third-party users of the
    remote host. (CVE-2004-1384)

  - A SQL injection vulnerability may allow an attacker to
    execute arbitrary SQL statements against the remote
    database. (CVE-2004-1383)

  - An information disclosure vulnerability exists that is
    triggered when a specially crafted URL request is sent
    to the 'index.php' script. (CVE-2004-1385)" );
 script_set_attribute(attribute:"solution", value:
"Update to the newest version of this software." );
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
 script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
 script_set_attribute(attribute:"exploit_available", value:"false");
 script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);

 script_set_attribute(attribute:"plugin_publication_date", value: "2004/12/16");
 script_set_attribute(attribute:"vuln_publication_date", value: "2004/12/14");
 script_cvs_date("Date: 2018/07/24 18:56:11");
 script_set_attribute(attribute:"plugin_type", value:"remote");
 script_set_attribute(attribute:"cpe",value:"cpe:/a:phpgroupware:phpgroupware");
 script_end_attributes();

 script_summary(english:"Checks the version of phpGroupWare");
 script_category(ACT_ATTACK);
 script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.");
 script_family(english:"CGI abuses");
 script_dependencie("phpgroupware_detect.nasl");
 script_require_ports("Services/www", 80);
 exit(0);
}

#
# The script code starts here
#

include("global_settings.inc");
include("misc_func.inc");
include("http.inc");

port = get_http_port(default:80);

kb = get_kb_item("www/" + port + "/phpGroupWare");
if ( ! kb ) exit(0);

matches = eregmatch(pattern:"(.*) under (.*)", string:kb);

if ( ereg(pattern:"^0\.([0-8][^0-9]|9\.([0-9][^0-9]|1([0-5][^0-9]|6\.(00[0-3]|RC[0-9]))))", string:matches[1]))
{
 security_hole(port);
 set_kb_item(name: 'www/'+port+'/XSS', value: TRUE);
 set_kb_item(name: 'www/'+port+'/SQLInjection', value: TRUE);
}
```

References
- http://marc.info/?l=bugtraq&m=110312656029072&w=2
- http://www.gentoo.org/security/en/glsa/glsa-200501-08.xml
- http://www.gulftech.org/?node=research&article_id=00054-12142004
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18497