Remote Code Execution Vulnerability in EGroupware
CVE-2014-2988

Currently unrated

Key Information:

Vendor

Egroupware

Status
Egroupware
Vendor
CVE Published:
27 October 2014

What is CVE-2014-2988?

EGroupware versions prior to 1.1.20140505 for the Enterprise Line and prior to 1.8.007.20140506 for the Community Edition are susceptible to a remote code execution vulnerability. Privileged authenticated administrators are able to execute arbitrary PHP code through manipulated callback values delivered to the call_user_func PHP function, particularly utilizing the newsettings[system] parameter. This vulnerability can be exploited when combined with CVE-2014-2987, allowing attackers to gain unauthorized access and control over the server.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://advisories.mageia.org/MGASA-2014-0221.html
x_refsource_CONFIRM
http://www.mandriva.com/security/advisories?name=MDVSA-20...
vendor-advisoryx_refsource_MANDRIVA
https://www.htbridge.com/advisory/HTB23212
x_refsource_MISC

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.