Summary
This host is running the eGroupware and is prone to multiple vulnerabilities.
Impact
Successful exploitation could allow attackers to perform directory traversal attacks and read arbitrary files on the affected application or to redirect to an arbitrary URL.
Impact Level: Application
Solution
Upgrade to version 1.8.001.20110805 or later,
For updates refer to http://www.egroupware.org
Insight
Multiple flaws are due to:
- An input validation error in 'type' parameter to '/admin/remote.php?', which allows attackers to read arbitrary files via a ..%2f(dot dot) sequences.
- An open redirect vulnerability in '/phpgwapi/ntlm/index.php?', when handling the URL.
Affected
eGroupware version 1.8.001.20110421
References
Severity
Classification
-
CVE CVE-2011-4948, CVE-2011-4949, CVE-2011-4950, CVE-2011-4951 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities