CyberSec.Space Logo
返回 CVE 浏览器

CVE-2014-2988

HIGH
8.5
CVSS Severity Score
EPSS Score0.1010%
EPSS Percentile12.65th
Published2014年10月27日
Last Modified2026年5月6日

Vulnerability Description

EGroupware Enterprise Line (EPL) before 1.1.20140505, EGroupware Community Edition before 1.8.007.20140506, and EGroupware before 14.1 beta allows remote authenticated administrators to execute arbitrary PHP code via crafted callback values to the call_user_func PHP function, as demonstrated using the newsettings[system] parameter. NOTE: this can be exploited by remote attackers by leveraging CVE-2014-2987.

Affected Platforms (CPE)

📦
Egroupware

Egroupware

<= 1.6.001
📦
Egroupware

Egroupware

<= 1.8006

References & Advisories

🔗 http://advisories.mageia.org/MGASA-2014-0221.html
🔗 http://www.mandriva.com/security/advisories?name=MDVSA-2015:087
🔗 http://www.securityfocus.com/archive/1/532103/100/0/threaded
🔗 https://www.htbridge.com/advisory/HTB23212
🔗 http://advisories.mageia.org/MGASA-2014-0221.html
🔗 http://www.mandriva.com/security/advisories?name=MDVSA-2015:087
🔗 http://www.securityfocus.com/archive/1/532103/100/0/threaded
🔗 https://www.htbridge.com/advisory/HTB23212

相关漏洞威胁

CVE-2007-315510.0

Unspecified vulnerability in eGroupWare before 1.2.107-2 has unknown impact and attack vectors related to ADOdb. NOTE: due to lac...

CVE-2008-204110.0

Multiple unspecified vulnerabilities in eGroupWare before 1.4.004 have unspecified attack vectors and "grave" impact when the web ...

CVE-2007-315410.0

Unspecified vulnerability in Walter Zorn wz_tooltip.js (aka wz_tooltips) before 4.01, as used by eGroupWare before 1.2.107-2 and o...

CVE-2005-12037.5

Multiple SQL injection vulnerabilities in index.php in eGroupware before 1.0.0.007 allow remote attackers to execute arbitrary SQL...

CVE-2014-2988 Detail & Impact Analysis | CVSS 8.5 (HIGH) | Cyber-Sec.Space | Cyber-Sec.Space