Path Traversal
Horde IMP is vulnerable to path traversal. The vulnerability is due to insufficient validation of img src URLs, where attackers can bypass the stripos prefix validation by appending traversal sequences after the matching prefix, and read sensitive files whose contents are then exfiltrated as MIME...