Description
PHP remote file inclusion vulnerability in tables_update.inc.php in phpGroupWare 0.9.14.005 and earlier allows remote attackers to execute arbitrary PHP code via an external URL in the appdir parameter.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Cedric Cochin · text · webapps · php
https://www.exploit-db.com/exploits/25043
References (3)
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/12074
Exploit x_refsource_confirm
https://savannah.gnu.org/bugs/?func=detailitem&item_id=7478
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/7599
Scores
EPSS
0.0209
EPSS Percentile
84.1%
Details
Status
published
Products (2)
phpgroupware/phpgroupware
0.9.14.003
phpgroupware/phpgroupware
< 0.9.14.005
Published
Dec 31, 2004
Tracked Since
Feb 18, 2026