Multiple SQL injection vulnerabilities in phpGroupWare (phpgw) before 0.9.16.016 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) class.sessions_db.inc.php, (2) class.translation_sql.inc.php, or (3) class.auth_sql.inc.php in phpgwapi/inc/.

在0.9.16.016之前版本的phpGroupWare(phpgw)中存在多个SQL注入漏洞，允许远程攻击者通过未指定参数执行任意SQL命令，这些参数可以访问(1)class.sessions_db.inc.php,(2)class.translation_sql.inc.php或(3)class.auth_sql.inc.php in phpgwapi/inc/。

NVD 暂无评分

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

NVD 暂无漏洞类别信息

神龙GPT 暂无漏洞类别信息（请耐心等待）