Local File Inclusion Vulnerability in Horde Internet Messaging Program
CVE-2001-1258

Currently unrated

Key Information:

Vendor

Horde

Status
Vendor
CVE Published:
21 July 2001

What is CVE-2001-1258?

The Horde Internet Messaging Program (IMP) version prior to 2.2.6 contains a vulnerability that allows local users to exploit misconfigurations and access sensitive configuration files. By uploading a specially crafted prefs.lang file containing PHP code, attackers can read IMP configuration files and extract the Horde database password. This exposure poses significant risks as it could give malicious actors unauthorized access to critical database information and application functionalities.

References

Timeline

  • Vulnerability Reserved

  • Vulnerability published

.