Marc Logemann » More.groupware : Security Vulnerabilities, CVEs,
SQL injection vulnerability in modules/calendar/week.php in More.groupware 0.74 allows remote attackers to execute arbitrary SQL commands via the new_calendarid parameter.
Max CVSS
7.5
EPSS Score
0.57%
Published
2006-09-21
Updated
2017-10-19
More.groupware PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.
Max CVSS
5.0
EPSS Score
0.39%
Published
2001-10-02
Updated
2008-09-10
2 vulnerabilities found