212247 – (CVE-2006-4906) www-apps/moregroupware SQLi (CVE-2006-4906)

Bug 212247 (CVE-2006-4906) - www-apps/moregroupware SQLi (CVE-2006-4906)

Summary: www-apps/moregroupware SQLi (CVE-2006-4906)

Status:	RESOLVED FIXED

Alias:	CVE-2006-4906

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High enhancement
Assignee:	Gentoo Security

URL:
Whiteboard:	B3 [noglsa]
Keywords:

Depends on:
Blocks:

Reported:	2008-03-04 07:12 UTC by Hanno Böck
Modified:	2009-09-28 02:39 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Hanno Böck gentoo-dev

2008-03-04 07:12:40 UTC

CVE-2006-4906:
SQL injection vulnerability in modules/calendar/week.php in More.groupware 0.74 allows remote attackers to execute arbitrary SQL commands via the new_calendarid parameter.

Seems to be unmaintained upstream and no security updates available. Beside, bundled smarty is probably affected by #212147

Comment 1 Benedikt Böhm (RETIRED) gentoo-dev

2008-03-07 09:53:22 UTC

in p.mask now

Comment 2 Gunnar Wrobel (RETIRED) gentoo-dev

2008-10-31 06:21:04 UTC

issued last rites. will be removed in 30 days.

Comment 3 Gunnar Wrobel (RETIRED) gentoo-dev

2008-12-03 10:47:23 UTC

Ebuild removed. webapps done.

Comment 4 Alex Legler (RETIRED) archtester

2009-08-27 22:14:43 UTC

This is gone for 10 months. Do we still want a GLSA for that?

Comment 5 Alex Legler (RETIRED) archtester

2009-09-21 19:23:22 UTC

I take that as a no. Closing noglsa.

Comment 6 Robert Buchholz (RETIRED) gentoo-dev

2009-09-28 02:39:02 UTC

ACKed