CVE-2010-0404 - Vulnerability Details - OpenCVE

Multiple SQL injection vulnerabilities in phpGroupWare (phpgw) before 0.9.16.016 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) class.sessions_db.inc.php, (2) class.translation_sql.inc.php, or (3) class.auth_sql.inc.php in phpgwapi/inc/.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Phpgroupware	Phpgroupware

Configuration 1 [-]

OR	cpe:2.3:a:phpgroupware:phpgroupware::::::::
	cpe:2.3:a:phpgroupware:phpgroupware:0.9.16:::::::*
	cpe:2.3:a:phpgroupware:phpgroupware:0.9.16.000:::::::*
	cpe:2.3:a:phpgroupware:phpgroupware:0.9.16.001:::::::*
	cpe:2.3:a:phpgroupware:phpgroupware:0.9.16.002:::::::*
	cpe:2.3:a:phpgroupware:phpgroupware:0.9.16.003:::::::*
	cpe:2.3:a:phpgroupware:phpgroupware:0.9.16.005:::::::*
	cpe:2.3:a:phpgroupware:phpgroupware:0.9.16.010:::::::*
	cpe:2.3:a:phpgroupware:phpgroupware:0.9.16.011:::::::*
	cpe:2.3:a:phpgroupware:phpgroupware:0.9.16.012:::::::*
	cpe:2.3:a:phpgroupware:phpgroupware:0.9.16.014:::::::*

No data.

References

Link	Providers
http://download.phpgroupware.org/
http://forums.phpgroupware.org/index.php?t=msg&th=98662&start=0&rid=0
http://lists.gnu.org/archive/html/phpgroupware-users/2010-05/msg00004.html
http://secunia.com/advisories/39665
http://secunia.com/advisories/39731
http://www.debian.org/security/2010/dsa-2046
http://www.securityfocus.com/archive/1/511299/100/0/threaded
http://www.vupen.com/english/advisories/2010/1145
http://www.vupen.com/english/advisories/2010/1146

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2010-05-18T15:29:00

Updated: 2024-08-07T00:45:12.233Z

Reserved: 2010-01-27T00:00:00

Link: CVE-2010-0404

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2010-05-19T12:08:08.100

Modified: 2025-04-11T00:51:21.963

Link: CVE-2010-0404

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-05-12T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in phpGroupWare (phpgw) before 0.9.16.016 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) class.sessions_db.inc.php, (2) class.translation_sql.inc.php, or (3) class.auth_sql.inc.php in phpgwapi/inc/."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-10T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "ADV-2010-1146", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/1146"}, {"name": "ADV-2010-1145", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/1145"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://download.phpgroupware.org/"}, {"name": "[phpgroupware-users] 20100512 Phpgroupware security release 0.9.16.016", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lists.gnu.org/archive/html/phpgroupware-users/2010-05/msg00004.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://forums.phpgroupware.org/index.php?t=msg&th=98662&start=0&rid=0"}, {"name": "20100514 phpGroupWare SQL Injections and Local File Inclusion Vulnerabilities (CVE-2010-0403 and CVE-2010-0404)", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/511299/100/0/threaded"}, {"name": "39731", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/39731"}, {"name": "DSA-2046", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2010/dsa-2046"}, {"name": "39665", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/39665"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-0404", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple SQL injection vulnerabilities in phpGroupWare (phpgw) before 0.9.16.016 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) class.sessions_db.inc.php, (2) class.translation_sql.inc.php, or (3) class.auth_sql.inc.php in phpgwapi/inc/."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ADV-2010-1146", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/1146"}, {"name": "ADV-2010-1145", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/1145"}, {"name": "http://download.phpgroupware.org/", "refsource": "CONFIRM", "url": "http://download.phpgroupware.org/"}, {"name": "[phpgroupware-users] 20100512 Phpgroupware security release 0.9.16.016", "refsource": "MLIST", "url": "http://lists.gnu.org/archive/html/phpgroupware-users/2010-05/msg00004.html"}, {"name": "http://forums.phpgroupware.org/index.php?t=msg&th=98662&start=0&rid=0", "refsource": "CONFIRM", "url": "http://forums.phpgroupware.org/index.php?t=msg&th=98662&start=0&rid=0"}, {"name": "20100514 phpGroupWare SQL Injections and Local File Inclusion Vulnerabilities (CVE-2010-0403 and CVE-2010-0404)", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/511299/100/0/threaded"}, {"name": "39731", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/39731"}, {"name": "DSA-2046", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2010/dsa-2046"}, {"name": "39665", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/39665"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T00:45:12.233Z"}, "title": "CVE Program Container", "references": [{"name": "ADV-2010-1146", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/1146"}, {"name": "ADV-2010-1145", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/1145"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://download.phpgroupware.org/"}, {"name": "[phpgroupware-users] 20100512 Phpgroupware security release 0.9.16.016", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://lists.gnu.org/archive/html/phpgroupware-users/2010-05/msg00004.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://forums.phpgroupware.org/index.php?t=msg&th=98662&start=0&rid=0"}, {"name": "20100514 phpGroupWare SQL Injections and Local File Inclusion Vulnerabilities (CVE-2010-0403 and CVE-2010-0404)", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/511299/100/0/threaded"}, {"name": "39731", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/39731"}, {"name": "DSA-2046", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2010/dsa-2046"}, {"name": "39665", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/39665"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-0404", "datePublished": "2010-05-18T15:29:00", "dateReserved": "2010-01-27T00:00:00", "dateUpdated": "2024-08-07T00:45:12.233Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:phpgroupware:phpgroupware:*:*:*:*:*:*:*:*", "matchCriteriaId": "959D31B3-F41E-4C42-8685-FBB6B4204AEC", "versionEndIncluding": "0.9.16.015", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpgroupware:phpgroupware:0.9.16:*:*:*:*:*:*:*", "matchCriteriaId": "BC3FE8A4-497F-4282-828F-C14BB01B553D", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpgroupware:phpgroupware:0.9.16.000:*:*:*:*:*:*:*", "matchCriteriaId": "1C011E73-A072-421D-8500-C414A5B67BF0", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpgroupware:phpgroupware:0.9.16.001:*:*:*:*:*:*:*", "matchCriteriaId": "B21818A9-9E32-4535-A8DA-CB57D1004E2A", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpgroupware:phpgroupware:0.9.16.002:*:*:*:*:*:*:*", "matchCriteriaId": "B2FBB83A-AADB-44D2-A227-2D76D4EF40CA", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpgroupware:phpgroupware:0.9.16.003:*:*:*:*:*:*:*", "matchCriteriaId": "6D7BA9C4-E9B0-420A-936F-50EAC81B7EBC", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpgroupware:phpgroupware:0.9.16.005:*:*:*:*:*:*:*", "matchCriteriaId": "EE7F6B19-F4E1-48F0-86ED-E5A21DE7EB2F", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpgroupware:phpgroupware:0.9.16.010:*:*:*:*:*:*:*", "matchCriteriaId": "E02256AC-1BE6-423D-A974-61D5EF137573", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpgroupware:phpgroupware:0.9.16.011:*:*:*:*:*:*:*", "matchCriteriaId": "159181D8-BED8-4DED-9B48-E0E126C4DFF4", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpgroupware:phpgroupware:0.9.16.012:*:*:*:*:*:*:*", "matchCriteriaId": "CB63C1A0-4C62-424B-A858-09DB6AB19BEF", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpgroupware:phpgroupware:0.9.16.014:*:*:*:*:*:*:*", "matchCriteriaId": "7B4CAA53-0E0B-43FB-93F2-C8BA44CB0A51", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in phpGroupWare (phpgw) before 0.9.16.016 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) class.sessions_db.inc.php, (2) class.translation_sql.inc.php, or (3) class.auth_sql.inc.php in phpgwapi/inc/."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en phpGroupWare (phpgw) anterior a v0.9.16.016 permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de par\u00e1metros sin especificar a (1) class.sessions_db.inc.php, (2) class.translation_sql.inc.php, or (3) class.auth_sql.inc.php en phpgwapi/inc/."}], "id": "CVE-2010-0404", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-05-19T12:08:08.100", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://download.phpgroupware.org/"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://forums.phpgroupware.org/index.php?t=msg&th=98662&start=0&rid=0"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://lists.gnu.org/archive/html/phpgroupware-users/2010-05/msg00004.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/39665"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/39731"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2010/dsa-2046"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/511299/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2010/1145"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2010/1146"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://download.phpgroupware.org/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://forums.phpgroupware.org/index.php?t=msg&th=98662&start=0&rid=0"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://lists.gnu.org/archive/html/phpgroupware-users/2010-05/msg00004.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/39665"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/39731"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2010/dsa-2046"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/511299/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2010/1145"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2010/1146"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}]}