Directory Traversal Vulnerability in Horde Framework and Groupware
CVE-2009-0932

Currently unrated

Key Information:

Vendor

Debian
Status
Horde
Horde Groupware
Vendor
CVE Published:
17 March 2009

What is CVE-2009-0932?

The directory traversal vulnerability in the Horde framework allows remote attackers to manipulate the input in the Horde_Image driver. This manipulation can lead to the inclusion and execution of arbitrary local files, posing a significant security risk. The flaw exists due to insufficient validation of user-supplied data. Affected users should ensure they are using updated versions of the Horde framework and Groupware to mitigate the risks associated with this vulnerability.

References

http://lists.horde.org/archives/announce/2009/000486.html
mailing-listx_refsource_MLIST
http://lists.opensuse.org/opensuse-security-announce/2009...
vendor-advisoryx_refsource_SUSE
http://cvs.horde.org/co.php/horde/docs/CHANGES?r=1.515.2.503
x_refsource_CONFIRM

EPSS Score

5% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.