Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary PHP code via CSV data, leading to remote code execution.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/156872/Horde-5.2.22-CSV-Import-Code-Execution.html | Exploit Third Party Advisory VDB Entry |
https://lists.debian.org/debian-lts-announce/2020/04/msg00008.html | Mailing List Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PRPIFQDGYPQ3F2TF2ETPIL7IYNSVVZQ/ | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKTNYDBDVJNMVC7QPXQI7CMPLX3USZ2T/ | |
https://lists.horde.org/archives/announce/2020/001285.html | Mailing List Vendor Advisory |
Configurations
History
01 Jan 2022, 19:54
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* | |
References | (MISC) http://packetstormsecurity.com/files/156872/Horde-5.2.22-CSV-Import-Code-Execution.html - Exploit, Third Party Advisory, VDB Entry | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2020/04/msg00008.html - Mailing List, Third Party Advisory |
Information
Published : 2020-02-17 15:15
Updated : 2024-02-04 20:39
NVD link : CVE-2020-8518
Mitre link : CVE-2020-8518
CVE.ORG link : CVE-2020-8518
JSON object : View
Products Affected
fedoraproject
- fedora
debian
- debian_linux
horde
- groupware
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')