Vulnerabilities > Egroupware > High

DATE | CVE | VULNERABILITY TITLE | RISK
2015-03-31 | CVE-2014-2027 | Code Injection vulnerability in Egroupware 1.8.001.20110421/1.8.001.20110805
eGroupware before 1.8.006.20140217 allows remote attackers to conduct PHP object injection attacks, delete arbitrary files, and possibly execute arbitrary code via the (1) addr_fields or (2) trans parameter to addressbook/csv_import.php, (3) cal_fields or (4) trans parameter to calendar/csv_import.php, (5) info_fields or (6) trans parameter to csv_import.php in (a) projectmanager/ or (b) infolog/, or (7) processed parameter to preferences/inc/class.uiaclprefs.inc.php.
Risk: network | low complexity | egroupware CWE-94 | 7.5
2014-10-27 | CVE-2014-2988 | Code Injection vulnerability in Egroupware
EGroupware Enterprise Line (EPL) before 1.1.20140505, EGroupware Community Edition before 1.8.007.20140506, and EGroupware before 14.1 beta allows remote authenticated administrators to execute arbitrary PHP code via crafted callback values to the call_user_func PHP function, as demonstrated using the newsettings[system] parameter.
Risk: network | egroupware CWE-94 | 8.5
2012-08-31 | CVE-2011-4949 | SQL Injection vulnerability in Egroupware and Egroupware Enterprise Line
SQL injection vulnerability in phpgwapi/js/dhtmlxtree/samples/with_db/loaddetails.php in EGroupware Enterprise Line (EPL) before 11.1.20110804-1 and EGroupware Community Edition before 1.8.001.20110805 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Risk: network | low complexity | egroupware CWE-89 | 7.5
2010-09-22 | CVE-2010-3313 | Code Injection vulnerability in Egroupware
phpgwapi/js/fckeditor/editor/dialog/fck_spellerpages/spellerpages/serverscripts/spellchecker.php in EGroupware 1.4.001+.002; 1.6.001+.002 and possibly other versions before 1.6.003; and EPL 9.1 before 9.1.20100309 and 9.2 before 9.2.20100309; allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) aspell_path or (2) spellchecker_lang parameters.
Risk: network | low complexity | egroupware CWE-94 | 7.5
2005-05-02 | CVE-2005-1203 | Cross-Site Scripting and SQL Injection vulnerability in eGroupWare
Multiple SQL injection vulnerabilities in index.php in eGroupware before 1.0.0.007 allow remote attackers to execute arbitrary SQL commands via the (1) filter or (2) cats_app parameter.
Risk: network | low complexity | egroupware | 7.5