Summary
Horde is prone to a remote code-execution vulnerability.
Impact
Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts may result in denial-of-service conditions.
Solution
Updates are available.
Insight
Horde could allow a remote attacker to execute arbitrary code on the system, caused by the improper validation of _formvars form input.
Affected
Horde versions 3.1.x through 5.1.1 are vulnerable; other versions may also be affected.
Detection
Try to execute the phpinfo() command by sending a specially crafted HTTP POST request.
References
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2014-1691
- CVSS Base Score: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P