CVE-2010-0404

Name of the Vulnerable Software and Affected Versions phpGroupWare versions prior to 0.9.16.016

Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting SQL injection vulnerabilities via unspecified parameters to certain PHP files, including class.sessions db.inc.php, class.translation sql.inc.php, and class.auth sql.inc.php in the phpgwapi/inc/ directory.

Recommendations For versions prior to 0.9.16.016, update to version 0.9.16.016 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable PHP files until the update is applied.