php-horde-gollem is vulnerable to authentication bypass. The File Manager (gollem) module allows remote attackers to bypass Horde authentication for file downloads via a malicious fn parameter that corresponds to the exact filename.
CPE | Name | Operator | Version |
---|---|---|---|
php-horde-gollem:stretch | eq | 3.0.10-1+deb9u1 | |
php-horde-gollem:stretch | eq | 3.0.10-1+deb9u1 |