Vulnerability Database

289,871

Total vulnerabilities in the database

CVE-2004-1385

phpGroupWare 0.9.16.003 and earlier allows remote attackers to gain sensitive information via (1) unexpected characters in the session ID such as shell metacharacters, (2) an invalid appname parameter to preferences.php or (3) an invalid menuaction parameter to index.php, which reveals the web server path in an error message.

  • Published: Dec 31, 2004
  • Updated: Apr 13, 2023
  • CVE: CVE-2004-1385
  • Severity: Medium
  • Exploit:

CVSS v2:

  • Severity: Medium
  • Score: 5
  • AV:N/AC:L/Au:N/C:P/I:N/A:N

No CWE or OWASP classifications available.

Software From Fixed in
phpgroupware / phpgroupware 0.9.14.003 0.9.14.003.x
phpgroupware / phpgroupware 0.9.13 0.9.13.x
phpgroupware / phpgroupware 0.9.14.005 0.9.14.005.x
phpgroupware / phpgroupware 0.9.14.006 0.9.14.006.x
phpgroupware / phpgroupware 0.9.12 0.9.12.x
phpgroupware / phpgroupware 0.9.14 0.9.14.x
phpgroupware / phpgroupware 0.9.16.000 0.9.16.000.x
phpgroupware / phpgroupware 0.9.16.003 0.9.16.003.x
phpgroupware / phpgroupware 0.9.16_rc1 0.9.16_rc1.x
phpgroupware / phpgroupware 0.9.16.002 0.9.16.002.x
phpgroupware / phpgroupware 0.9.14.007 0.9.14.007.x