phpGroupWare contains a flaw that will allow a remote attacker to inject arbitrary SQL code. The problem is that variables in the 'infolog' module are not verified properly and will allow a remote attacker to inject or manipulate SQL queries. No further details have been provided.
Upgrade to version 0.9.14.001 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.