Vulnerabilities > CVE-2011-4951 - Unspecified vulnerability in Egroupware and Egroupware Enterprise Line
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Open redirect vulnerability in phpgwapi/ntlm/index.php in EGroupware Enterprise Line (EPL) before 11.1.20110804-1 and EGroupware Community Edition before 1.8.001.20110805 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the forward parameter.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
References
- http://www.egroupware.org/epl-changelog
- http://www.egroupware.org/changelog
- http://packetstormsecurity.org/files/101675/eGroupware-1.8.001.20110421-Open-Redirect.html
- http://www.openwall.com/lists/oss-security/2012/03/29/1
- http://www.securityfocus.com/bid/52770
- http://www.openwall.com/lists/oss-security/2012/03/30/3
- http://www.autosectools.com/Advisory/eGroupware-1.8.001-Reflected-Cross-site-Scripting-178
- http://comments.gmane.org/gmane.comp.web.egroupware.german/33144