phpGroupWare Might Expose Sensitive Data

A vulnerability in the popular open-source phpGroupWare platform could allow remote intruders to gain access to sensitive data stored in files on the server hosting the software. The vulnerability is due to incorrect input validation of data provided in URLs. A remote intruder can exploit this condition by crafting a URL that will display file content from the server, and an exploit for this vulnerability has been published. An upgrade to phpGroupWare that addresses the vulnerability is available at the URL below.

http://phpgroupware.org

TAGS: Windows 8
Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish