Local File Inclusion Vulnerability in Horde Internet Messaging Program
CVE-2001-1258
Currently unrated
What is CVE-2001-1258?
The Horde Internet Messaging Program (IMP) version prior to 2.2.6 contains a vulnerability that allows local users to exploit misconfigurations and access sensitive configuration files. By uploading a specially crafted prefs.lang file containing PHP code, attackers can read IMP configuration files and extract the Horde database password. This exposure poses significant risks as it could give malicious actors unauthorized access to critical database information and application functionalities.
