phpGroupWare versions 0.9.16.015 and below suffer from local file inclusion and remote SQL injection vulnerabilities.
ee41970c8feb6af1be1d6a7b70de5c9162deaf02d92bd776ad2298ca2889355a
Debian Linux Security Advisory 2046-1 - Several remote vulnerabilities have been discovered in phpgroupware, a Web based groupware system written in PHP.
3a8e814f54641e9618488f5ad59558887178f21178734ccbb463644a2e4ce890