Description

Horde Groupware Webmail Edition is a free, enterprise ready, browser-based communication suite. Pedro Ribeiro reported a remote code execution bug that is affecting Horde versions from at least horde 3.1.x to 5.1.1.

Remediation

Upgrade to the latest version of Horde.

References

Remote code execution in horde

Fix commit

Changelog

Related Vulnerabilities

Python Off-by-one Error Vulnerability (CVE-2007-2052)

Dolibarr Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-25955)

WordPress Plugin BulletProof Security Multiple Cross-Site Scripting Vulnerabilities (.53.2)

Envoy Proxy Use After Free Vulnerability (CVE-2022-29227)

Zope Web Application Server Cryptographic Issues Vulnerability (CVE-2012-6661)

Severity

High

Classification

CVE-2014-1691 CWE-94 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Tags

Code Execution Missing Update