CyberSec.Space Logo
CVEブラウザに戻る

CVE-2001-0043

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0350%
EPSS Percentile34.66th
Published2001年2月16日
Last Modified2026年4月16日

Vulnerability Description

phpGroupWare before 0.9.7 allows remote attackers to execute arbitrary PHP commands by specifying a malicious include file in the phpgw_info parameter of the phpgw.inc.php program.

Affected Platforms (CPE)

📦
Phpgroupware

Phpgroupware

= 0.9.6

References & Advisories

🔗 http://archives.neohapsis.com/archives/bugtraq/2000-12/0053.html
🔗 http://sourceforge.net/project/shownotes.php?release_id=17604
🔗 http://www.osvdb.org/1682
🔗 http://www.securityfocus.com/bid/2069
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/5650
🔗 http://archives.neohapsis.com/archives/bugtraq/2000-12/0053.html
🔗 http://sourceforge.net/project/shownotes.php?release_id=17604
🔗 http://www.osvdb.org/1682

関連する脆弱性情報

CVE-2004-240610.0

Unknown "overflow" in the phpgw_config table for phpGroupWare before 0.9.14.002 has unknown attack vectors and impact.

CVE-2004-240710.0

Unknown vulnerability in phpGroupWare before 0.9.14.002 has unknown attack vectors and impact, related to a "security hole" in the...

CVE-2003-059910.0

Unknown vulnerability in the Virtual File System (VFS) capability for phpGroupWare 0.9.16preRC and versions before 0.9.14.004 with...

CVE-2002-05367.5

PHPGroupware 0.9.12 and earlier, when running with the magic_quotes_gpc feature disabled, allows remote attackers to compromise th...