Horde '_formvars' Form Input Remote Code Execution Vulnerability Network Vulnerability

Summary

Horde is prone to a remote code-execution vulnerability.

Impact

Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts may result in denial-of-service conditions.

Solution

Updates are available.

Insight

Horde could allow a remote attacker to execute arbitrary code on the system, caused by the improper validation of _formvars form input.

Affected

Horde 3.1.x through versions 5.1.1 are vulnerable other versions may also be affected.

Detection

Try to execute the phpinfo() command by sending a special crafted HTTP POST request.

References

http://www.horde.org
http://www.securityfocus.com/bid/65200

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-1691
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

AWStats configdir parameter arbitrary cmd exec
Alchemy Eye HTTP Command Execution
AlstraSoft AskMe Pro 'forum_answer.php' and 'profile.php' Multiple SQL Injection Vulnerabilities
artmedic_links5 File Inclusion Vulnerability
4Images <= 1.7.1 Directory Traversal Vulnerability

Take action and discover your vulnerabilities