The IMP is a web-based mail client for IMAP and POP3 accounts. It is built atop the Horde Application Framework, which is a general-purpose web application library written in PHP.

A vulnerability in Horde IMP could allow unauthenticated command execution via imap_open in an exposed debug page.


The IMP debug page (accessible at should be deleted after installation.


Related Vulnerabilities