Horde '_formvars' Form Input Remote Code Execution Vulnerability Network Vulnerability

Summary

Horde is prone to a remote code-execution vulnerability.

Impact

Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts may result in denial-of-service conditions.

Solution

Updates are available.

Insight

Horde could allow a remote attacker to execute arbitrary code on the system, caused by the improper validation of _formvars form input.

Affected

Horde 3.1.x through versions 5.1.1 are vulnerable other versions may also be affected.

Detection

Try to execute the phpinfo() command by sending a special crafted HTTP POST request.

References

http://www.horde.org
http://www.securityfocus.com/bid/65200

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-1691

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

b2ePMS Multiple SQL Injection Vulnerabilities
Atutor AContent Multiple SQL Injection and XSS Vulnerabilities
ASUS RT56U Router Multiple Vulnerabilities
artmedic_links5 File Inclusion Vulnerability
AWStats Totals 'sort' Parameter Remote Command Execution Vulnerabilities

Take action and discover your vulnerabilities