Advisories ยป MGASA-2014-0221

Updated egroupware packages fix a cross site request forgery

Publication date: 17 May 2014
Type: security
Affected Mageia releases : 3 , 4

Description

Updated egroupware packages fix security vulnerabilities:

eGroupWare before 1.8.007 allows logged in users with administrative
priviledges to remotely execute arbitrary commands on the server.  It is
also vulnerable to a cross site request forgery vulnerability that allows
creating new administrative users.
                

References

SRPMS

4/core

3/core