https://www.exploit-db.com/exploits/25437
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200505-233

eGroupware1.0.0.007之前版本的index.php中存在多个SQL注入漏洞，远程攻击者可以通过(1)filter或(2)cats_app参数来执行任意SQL命令。

source: http://www.securityfocus.com/bid/13212/info
   
eGroupWare is prone to multiple input validation vulnerabilities. A fixed version is available.
   
The issues arise due to a failure of the application to properly validate user-supplied input. These issues result in cross-site scripting and SQL injection attacks. 

http://egroupware/index.php?menuaction=preferences.uicategories.index&cats_app=foobar[SQL]

来源:BID
名称:13212
链接:http://www.securityfocus.com/bid/13212
来源:sourceforge.net
链接:http://sourceforge.net/project/shownotes.php?release_id=320768
来源:GENTOO
名称:GLSA-200504-24
链接:http://security.gentoo.org/glsa/glsa-200504-24.xml
来源:SECUNIA
名称:14982
链接:http://secunia.com/advisories/14982
来源:OSVDB
名称:15753
链接:http://www.osvdb.org/15753
来源:MISC
链接:http://www.gulftech.org/?node=research&article;_id=00069-04202005
来源:BUGTRAQ
名称:20050420MultipleeGroupwareVulnerabilities
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=111401760125555&w;=2