Debian Security Advisory

DSA-1978-1 phpgroupware -- several vulnerabilities

Date Reported:
26 Jan 2010
Affected Packages:
Security database references:
In Mitre's CVE dictionary: CVE-2009-4414, CVE-2009-4415, CVE-2009-4416.
More information:

Several remote vulnerabilities have been discovered in phpgroupware, a web-based groupware system written in PHP. The Common Vulnerabilities and Exposures project identifies the following problems:

  • CVE-2009-4414

    An SQL injection vulnerability was found in the authentication module.

  • CVE-2009-4415

    Multiple directory traversal vulnerabilities were found in the addressbook module.

  • CVE-2009-4416

    The authentication module is affected by cross-site scripting.

For the stable distribution (lenny) these problems have been fixed in version

For the unstable distribution (sid) these problems have been fixed in version

We recommend that you upgrade your phpgroupware packages.

Fixed in:

Debian GNU/Linux 5.0 (lenny)

Architecture-independent component:

MD5 checksums of the listed files are available in the original advisory.