Title: MoreGroupWare WEBMAIL2_INC_DIR Remote File Include Vulnerability
Severity: HIGH
Description:
moregroupware is a tool to facilitate office communications. It includes, among other features, webmail, calendaring and project management functionality. It is implemented in PHP and is available for a variety of platforms, including Microsoft Windows, Linux and Unix variants.
moregroupware is prone to a vulnerability that may permit remote attackers to include and execute malicious PHP scripts. Under some PHP configurations, remote users may influence the $webmail2_inc_dir URI variable or, in some cases, the $appconf URI variable. The affected variable is used in the include path for the 'mimepart.php', 'pear.php' and 'mime_types.php' scripts. By influencing the include path so that it points to a malicious PHP script on a remote system, an attacker can cause arbitrary PHP code to be executed in the context of the web server process. This issue exists in the 'class.html.mime.mail.inc', 'rfc822.php' and 'webmail2_func.inc' scripts.
It should be noted that although moregroupware version 0.6.8 has been reported vulnerable, other versions might also be affected.
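For detection, the following is an added example (not part of the original advisory and not moregroupware code) that scans web server access logs for requests supplying either variable named above. It assumes common/combined log format and that legitimate traffic never passes these names in the query string; the sample lines, hosts and paths are constructed placeholders.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Variables the advisory names as influenceable through the URI.
WATCHED = {"webmail2_inc_dir", "appconf"}
# Value prefixes that would point an include path at another host.
REMOTE = re.compile(r"^\s*(?:https?|ftps?)://", re.IGNORECASE)
# Client address and request target of a common/combined log entry.
ENTRY = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines; hosts and paths are placeholders.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2004:10:00:00 +0000] "GET /app/page.php?view=inbox HTTP/1.0" 200 5120',
    '198.51.100.7 - - [01/Jan/2004:10:00:05 +0000] "GET /app/page.php?webmail2_inc_dir=http://host.example/ HTTP/1.0" 200 312',
    '198.51.100.7 - - [01/Jan/2004:10:00:09 +0000] "GET /app/page.php?appconf%5Bx%5D=http%3A%2F%2Fhost.example%2F HTTP/1.0" 200 312',
    '203.0.113.4 - - [01/Jan/2004:10:01:00 +0000] "GET /app/page.php?webmail2_inc_dir=lib/ HTTP/1.0" 200 312',
    'not an access log line',
]

def classify(target):
    """Return (variable, verdict) pairs for one request target."""
    findings = []
    # parse_qsl percent-decodes names and values, so encoded forms are caught.
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        base = name.split("[", 1)[0]  # name[key]=... still sets the variable
        if base in WATCHED:
            verdict = "remote-include" if REMOTE.match(value) else "override"
            findings.append((base, verdict))
    return findings

def scan(lines):
    """Return (client, variable, verdict) for every suspicious request."""
    hits = []
    for line in lines:
        m = ENTRY.match(line)
        if m:
            hits += [(m.group(1), var, verdict) for var, verdict in classify(m.group(2))]
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(*hit)
```

Access logs normally record only the query string, so parameters sent in a POST body are outside what this check can see.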
Affected Products:
- moregroupware moregroupware 0.6.8