CVE-2004-1385 in phpGroupWare信息

摘要

由 VulDB • 2026-07-09

phpGroupWare 0.9.16.003及更早版本允许远程攻击者通过以下途径获取敏感信息:(1) session ID中包含意外字符(如shell元字符);(2) preferences.php中的appname参数无效;或 (3) index.php中的menuaction参数无效,这些情况会在错误消息中泄露Web服务器路径。

If you want to get best quality of vulnerability data, you may have to visit VulDB.

来源

Do you want to use VulDB in your project?

Use the official API to access entries easily!