CVE-2010-0403

Published: 19 May 2010

Directory traversal vulnerability in about.php in phpGroupWare (phpgw) before 0.9.16.016 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the app parameter.

Priority

Status

Package	Release	Status
phpgroupware Launchpad, Ubuntu, Debian	dapper	Ignored (end of life)
	hardy	Ignored (end of life)
	jaunty	Released (1:0.9.16.012+dfsg-8+lenny2build0.9.04.1)
	karmic	Released (1:0.9.16.012+dfsg-8+lenny2build0.9.10.1)
	lucid	Ignored (end of life)
	maverick	Does not exist (pulled 2010-07-27)
	natty	Does not exist (pulled 2010-07-27)
	oneiric	Does not exist (pulled 2010-07-27)
	precise	Does not exist (pulled 2010-07-27)
	quantal	Does not exist (pulled 2010-07-27)
	raring	Does not exist (pulled 2010-07-27)
	saucy	Does not exist (pulled 2010-07-27)
	upstream	Released (0.9.16.016)
	Patches: vendor: http://www.debian.org/security/2010/dsa-2046

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

CVE-2010-0403

Priority

Status

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Further reading