CVE-2004-1383

Name of the Vulnerable Software and Affected Versions: phpGroupWare versions 0.9.16.003 and earlier

Description: The issue allows remote attackers to execute arbitrary SQL statements. This can be achieved via specific parameters to certain PHP files, including the order, project id, pro main, or hours id parameters to "index.php" or the ticket id parameter to "viewticket details.php".

Recommendations: For phpGroupWare versions 0.9.16.003 and earlier, as a temporary workaround, consider restricting access to the vulnerable parameters order, project id, pro main, hours id, and ticket id in the affected PHP files until a patch is available. Avoid using these parameters in "index.php" and "viewticket details.php" to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.