Caeies

**Name of the Vulnerable Software and Affected Versions** phpGroupWare version 0.9.16RC2 **Description** The issue is related to the `acl check` function, which always returns True, even when `mkdir` does not behave as expected. This could allow remote attackers to obtain sensitive information via WebDAV from users' home directories that lack .htaccess files. The exact impacts of this issue are not fully understood and may extend beyond the described scenario. **Recommendations** For phpGroupWare version 0.9.16RC2, as a temporary workaround, consider disabling the `acl check` function until a patch is available. Restrict access to sensitive information in users' home directories to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.