3 matches found
CVE-2026-60102
Horde Virtual File System VFS API before 3.0.1 contains an OS command injection vulnerability in the HordeVfsSmb driver where the escapeShellCommand method fails to sanitize command substitution sequences, allowing authenticated attackers to inject arbitrary shell commands through user-controlled...
CVE-2026-60102
The vulnerability is in Horde VFS API before 3.0.1, specifically the Horde_Vfs_Smb driver. The _escapeShellCommand() function fails to sanitize command substitution, allowing authenticated attackers to inject arbitrary shell commands via user-controlled filenames. Malicious filenames containing u...
CVE-2026-60102 Horde VFS < 3.0.1 OS Command Injection via Horde_Vfs_Smb Driver
Horde Virtual File System VFS API before 3.0.1 contains an OS command injection vulnerability in the HordeVfsSmb driver where the escapeShellCommand method fails to sanitize command substitution sequences, allowing authenticated attackers to inject arbitrary shell commands through user-controlled...