eGroupWare 1.0 - '/tts/index.php?filter' SQL Injection

EKU-ID: 30784	CVE: CVE-2005-1203;OSVDB-15752;BID: 13212;GTSA-00065	OSVDB-ID:
Author: GulfTech Security	Published: 2005-04-18	Verified:
Download:

Rating

☆☆☆☆☆

source: https://www.securityfocus.com/bid/13212/info

eGroupWare is prone to multiple input validation vulnerabilities. A fixed version is available.

The issues arise due to a failure of the application to properly validate user-supplied input. These issues result in cross-site scripting and SQL injection attacks.

http://egroupware/tts/index.php?filter=u99[SQL]
http://egroupware/tts/index.php?filter=c99[SQL]