Description
Multiple SQL injection vulnerabilities in phpGroupWare 0.9.16.003 and earlier allow remote attackers to execute arbitrary SQL statements via the (1) order, (2) project_id, (3) pro_main, or (4) hours_id parameters to index.php or (5) ticket_id to viewticket_details.php.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by GulfTech Security · textwebappsphp
https://www.exploit-db.com/exploits/24846
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/18498
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=110312656029072&w=2
Exploit x_refsource_misc
http://www.gulftech.org/?node=research&article_id=00054-12142004
Exploit, Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/11952
Patch vendor-advisory
x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200501-08.xml
Scores
EPSS
0.0113
EPSS Percentile
78.4%
Details
Status
published
Products (11)
phpgroupware/phpgroupware
0.9.12
phpgroupware/phpgroupware
0.9.13
phpgroupware/phpgroupware
0.9.14
phpgroupware/phpgroupware
0.9.14.003
phpgroupware/phpgroupware
0.9.14.005
phpgroupware/phpgroupware
0.9.14.006
phpgroupware/phpgroupware
0.9.14.007
phpgroupware/phpgroupware
0.9.16.000
phpgroupware/phpgroupware
0.9.16.002
phpgroupware/phpgroupware
0.9.16.003
... and 1 more
Published
Dec 31, 2004
Tracked Since
Feb 18, 2026