[原文]eGroupWare 1.0.6 and earlier, when an e-mail is composed with an attachment but not sent, will send that attachment in the next e-mail, which may cause sensitive information to be sent to the wrong recipient.
eGroupware email contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an email is created with an attachment, then not sent. The attachment will be sent with the next outgoing message regardless of who sends the next mail.
Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: If you attach a file to a message and then decide not to send it, logout of eGroupWare then log back on before sending any new messages.