4 matches found
CVE-2020-8865
This vulnerability allows remote attackers to execute local PHP files on affected installations of Horde Groupware Webmail Edition 5.2.22. Authentication is required to exploit this vulnerability. The specific flaw exists within edit.php. When parsing the paramstemplate parameter, the process doe...
[SECURITY] [DLA 2175-1] php-horde-trean security update
Package : php-horde-trean Version : 1.1.1-2+deb8u1 CVE ID : CVE-2020-8865 Debian Bug : 955019 A directory traversal vulnerability resulting from insufficient input sanitization was discovered in the Horde Application Framework. An authenticated remote attacker could use this flaw to execute code ...
CVE-2020-8865
This vulnerability allows remote attackers to execute local PHP files on affected installations of Horde Groupware Webmail Edition 5.2.22. Authentication is required to exploit this vulnerability. The specific flaw exists within edit.php. When parsing the paramstemplate parameter, the process doe...
CVE-2020-8865
CVE-2020-8865 affects Horde Groupware Webmail Edition 5.2.22. A flaw in edit.php when parsing params[template] allows an authenticated attacker to trigger improper file path handling and, with other vulnerabilities, execute code as the www-data user. Connected advisories confirm the issue and lin...