Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 allows remote authenticated users to execute arbitrary PHP code via unspecified vectors, aka CyVDB-863 and CyVDB-867.
2015-10-12T10:59:06.960
2025-04-12T10:46:40.837
Deferred
CVSSv2: 8.5 (HIGH)
AV:N/AC:M/Au:S/C:C/I:C/A:C
6.8
10.0
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | cybozu | garoon | 3.0.0 | Yes |
| Application | cybozu | garoon | 3.0.1 | Yes |
| Application | cybozu | garoon | 3.0.2 | Yes |
| Application | cybozu | garoon | 3.0.3 | Yes |
| Application | cybozu | garoon | 3.1.0 | Yes |
| Application | cybozu | garoon | 3.1.1 | Yes |
| Application | cybozu | garoon | 3.1.2 | Yes |
| Application | cybozu | garoon | 3.1.3 | Yes |
| Application | cybozu | garoon | 3.5.0 | Yes |
| Application | cybozu | garoon | 3.5.1 | Yes |
| Application | cybozu | garoon | 3.5.2 | Yes |
| Application | cybozu | garoon | 3.5.3 | Yes |
| Application | cybozu | garoon | 3.5.4 | Yes |
| Application | cybozu | garoon | 3.5.5 | Yes |
| Application | cybozu | garoon | 3.7.0 | Yes |
| Application | cybozu | garoon | 3.7.1 | Yes |
| Application | cybozu | garoon | 3.7.2 | Yes |
| Application | cybozu | garoon | 3.7.3 | Yes |
| Application | cybozu | garoon | 3.7.4 | Yes |
| Application | cybozu | garoon | 3.7.5 | Yes |
| Application | cybozu | garoon | 4.0.0 | Yes |
| Application | cybozu | garoon | 4.0.1 | Yes |
| Application | cybozu | garoon | 4.0.2 | Yes |
| Application | cybozu | garoon | 4.0.3 | Yes |