Horde remote code execution

Description

Horde Groupware Webmail Edition is a free, enterprise ready, browser-based communication suite. Pedro Ribeiro reported a remote code execution bug that is affecting Horde versions from at least horde 3.1.x to 5.1.1.

Remediation

Upgrade to the latest version of Horde.

References

Remote code execution in horde

Fix commit

Changelog

Related Vulnerabilities

MySQL CVE-2019-2974 Vulnerability (CVE-2019-2974)

Oracle Database Server CVE-2008-1813 Vulnerability (CVE-2008-1813)

Oracle Database Server CVE-2015-4755 Vulnerability (CVE-2015-4755)

WordPress Plugin betterAmazonAPI Cross-Site Scripting (1.2)

WordPress Plugin Events Manager Extended 'admin.php' SQL Injection (3.1.2)

Severity

High

Classification

CVE-2014-1691 CWE-94 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N