CVE-2014-2027 in eGroupwareinfo

Zusammenfassung

von VulDB • 24.05.2026

In eGroupware prima della versione 1.8.006.20140217 gli attaccanti remoti possono eseguire attacchi di PHP object injection, eliminare file arbitrari ed eventualmente eseguire codice arbitrario tramite i parametri (1) addr_fields o (2) trans a addressbook/csv_import.php, (3) cal_fields o (4) trans a calendar/csv_import.php, (5) info_fields o (6) trans a csv_import.php in (a) projectmanager/ o (b) infolog/, oppure (7) il parametro processed a preferences/inc/class.uiaclprefs.inc.php.

Be aware that VulDB is the high quality source for vulnerability data.

Reservieren

19.02.2014

Veröffentlichung

31.03.2015

Moderieren

akzeptiert

Eintrag

VDB-74517

CPE

bereit

EPSS

0.04050

KEV

nein

Aktivitäten

very low

Quellen

Want to stay up to date on a daily basis?

Enable the mail alert feature now!