Back to CVE List

CVE-2026-22243

HIGH SEVERITY

Vulnerability Description

EGroupware is a Web based groupware server written in PHP. A SQL Injection vulnerability exists in the core components of EGroupware prior to versions 23.1.20260113 and 26.0.20260113, specifically in the `Nextmatch` filter processing. The flaw allows authenticated attackers to inject arbitrary SQL commands into the `WHERE` clause of database queries. This is achieved by exploiting a PHP type juggling issue where JSON decoding converts numeric strings into integers, bypassing the `is_int()` security check used by the application. Versions 23.1.20260113 and 26.0.20260113 patch the vulnerability.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-89
Source
NVD
Vendor
EGroupware
Product
egroupware

External References

Discussion (0)

Add Comment

No comments yet. Be the first!