Horde Groupware Source Packages Backdoor Vulnerability Network Vulnerability

Summary

Horde Groupware is prone to a backdoor vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the application. Successful attacks will compromise the affected application. Horde Groupware versions 1.2.10 between November 2, 2011, and February 7, 2012, are vulnerable.

Solution

The vendor released an update. Please see the references for details.

References

http://eromang.zataz.com/2012/02/15/cve-2012-0209-horde-backdoor-analysis/
http://git.horde.org/diff.php/groupware/docs/groupware/CHANGES?rt=horde&r1=1.38.2.16&r2=1.38.2.17&ty=h%27
http://lists.horde.org/archives/announce/2012/000749.html
http://lists.horde.org/archives/announce/2012/000750.html
http://lists.horde.org/archives/announce/2012/000751.html
http://www.securityfocus.com/bid/51989

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-0209

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Atutor AContent Multiple SQL Injection and XSS Vulnerabilities
AdMentor Login Flaw
Atutor AChecker Multiple SQL Injection and XSS Vulnerabilities
ArticleFR CMS 'id' Parameter SQL Injection Vulnerability
Andy's PHP Knowledgebase 's' Parameter SQL Injection Vulnerability

Take action and discover your vulnerabilities