CVE-2009-4415
Publication date 24 December 2009
Last updated 24 July 2024
Ubuntu priority
Multiple directory traversal vulnerabilities in phpGroupWare 0.9.16.12, and possibly other versions before 0.9.16.014, allow remote attackers to (1) read arbitrary files via the csvfile parameter to addressbook/csv_import.php, or (2) include and execute arbitrary local files via the conv_type parameter in addressbook/inc/class.uiXport.inc.php.
Status
Package | Ubuntu Release | Status |
---|---|---|
phpgroupware | 11.10 oneiric | Not in release |
11.04 natty | Not in release | |
10.10 maverick | Not in release | |
10.04 LTS lucid |
Not affected
|
|
9.10 karmic |
Fixed 1:0.9.16.012+dfsg-8+lenny1build0.9.10.1
|
|
9.04 jaunty |
Fixed 1:0.9.16.012+dfsg-8+lenny1build0.9.04.1
|
|
8.10 intrepid | Ignored end of life, was needed | |
8.04 LTS hardy | Ignored end of life | |
6.06 LTS dapper | Ignored end of life |