CVE-2014-2988
Last modified
CVE-2014-2988 is a vulnerability of currently unknown severity. EGroupware Enterprise Line (EPL) before 1.1.20140505, EGroupware Community Edition before 1.8.007.20140506, and EGroupware before 14.1 beta allows remote authenticated administrators to execute arbitrary PHP code via crafted callback values to the call_user_func PHP function, as demonstrated using the newsettings[system] parameter. NOTE: this can be exploited by remote attackers by leveraging CVE-2014-2987.. EPSS estimates a 1.84% chance of exploitation in the next 30 days.
Description
EGroupware Enterprise Line (EPL) before 1.1.20140505, EGroupware Community Edition before 1.8.007.20140506, and EGroupware before 14.1 beta allows remote authenticated administrators to execute arbitrary PHP code via crafted callback values to the call_user_func PHP function, as demonstrated using the newsettings[system] parameter. NOTE: this can be exploited by remote attackers by leveraging CVE-2014-2987.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Egroupware | Egroupware | <= 1.6.001 |
| Egroupware | Egroupware | <= 1.8006 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2014-2988?
How severe is CVE-2014-2988?
How do I fix CVE-2014-2988?
Are you affected by CVE-2014-2988?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST