Multiple CSRF Vulnerabilities in EGroupware Products
CVE-2014-2987

Currently unrated

Key Information:

Vendor: Egroupware
Status: Egroupware
Vendor: CVE Published:; 26 October 2014

What is CVE-2014-2987?

EGroupware products are exposed to multiple cross-site request forgery (CSRF) vulnerabilities that enable remote attackers to hijack the authentication of administrators. These vulnerabilities allow unauthorized actions such as creating an administrator account or altering settings via compromised requests. This can lead to further exploitation, including the potential execution of arbitrary PHP code. Users are advised to update to the latest versions to mitigate risks associated with these vulnerabilities.

References

http://advisories.mageia.org/MGASA-2014-0221.html

x_refsource_CONFIRM

http://www.mandriva.com/security/advisories?name=MDVSA-20...

vendor-advisoryx_refsource_MANDRIVA

http://secunia.com/advisories/58346

third-party-advisoryx_refsource_SECUNIA

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 26, 2014
Vulnerability Reserved
Apr 24, 2014

Egroupware

What is CVE-2014-2987?

References

Timeline