CVE-2004-1383 | Vulnerability Database | Aqua Security

Multiple SQL injection vulnerabilities in phpGroupWare 0.9.16.003 and earlier allow remote attackers to execute arbitrary SQL statements via the (1) order, (2) project_id, (3) pro_main, or (4) hours_id parameters to index.php or (5) ticket_id to viewticket_details.php.

Affected Software

Name	Vendor	Start Version	End Version
Phpgroupware	Phpgroupware	0.9.12 (including)	0.9.12 (including)
Phpgroupware	Phpgroupware	0.9.13 (including)	0.9.13 (including)
Phpgroupware	Phpgroupware	0.9.14 (including)	0.9.14 (including)
Phpgroupware	Phpgroupware	0.9.14.003 (including)	0.9.14.003 (including)
Phpgroupware	Phpgroupware	0.9.14.005 (including)	0.9.14.005 (including)
Phpgroupware	Phpgroupware	0.9.14.006 (including)	0.9.14.006 (including)
Phpgroupware	Phpgroupware	0.9.14.007 (including)	0.9.14.007 (including)
Phpgroupware	Phpgroupware	0.9.16.000 (including)	0.9.16.000 (including)
Phpgroupware	Phpgroupware	0.9.16.002 (including)	0.9.16.002 (including)
Phpgroupware	Phpgroupware	0.9.16.003 (including)	0.9.16.003 (including)
Phpgroupware	Phpgroupware	0.9.16_rc1 (including)	0.9.16_rc1 (including)

References

http://marc.info/?l=bugtraq\u0026m=110312656029072\u0026w=2
http://www.gentoo.org/security/en/glsa/glsa-200501-08.xml
http://www.gulftech.org/?node=research\u0026article_id=00054-12142004
http://www.securityfocus.com/bid/11952
https://exchange.xforce.ibmcloud.com/vulnerabilities/18498

NVD	https://nvd.nist.gov/vuln/detail/CVE-2004-1383
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html