More.groupware PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| More.groupware | Marc_logemann | 0.5.1 (including) | 0.5.1 (including) |
References
- http://archives.neohapsis.com/archives/bugtraq/2001-10/0012.html
- http://www.iss.net/security_center/static/7215.php
- http://www.moregroupware.org/index.php?action=detail\u0026news_id=24
- http://www.securityfocus.com/bid/3383
- http://archives.neohapsis.com/archives/bugtraq/2001-10/0012.html
- http://www.iss.net/security_center/static/7215.php
- http://www.moregroupware.org/index.php?action=detail\u0026news_id=24
- http://www.securityfocus.com/bid/3383