Directory Traversal Vulnerability in EGroupware by EGroupware
CVE-2011-4948

Currently unrated

Key Information:

Vendor: Egroupware
Status: Egroupware
Vendor: CVE Published:; 31 August 2012

What is CVE-2011-4948?

This vulnerability allows remote attackers to exploit the admin/remote.php script in EGroupware, leading to unauthorized access to sensitive files. By manipulating the 'type' parameter with encoded dot dot slashes (..%2f), attackers can read arbitrary files on the server. This breach puts server security and data integrity at risk, underscoring the importance of applying security updates.

References

http://www.egroupware.org/epl-changelog

x_refsource_CONFIRM

http://www.autosectools.com/Advisory/eGroupware-1.8.001.2...

x_refsource_MISC

http://packetstormsecurity.org/files/101676/eGroupware-1....

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Aug 31, 2012

Egroupware

What is CVE-2011-4948?

References

Timeline