File Overwrite Vulnerability in Horde Application Framework and Groupware Products
CVE-2009-3236

Currently unrated

Key Information:

Vendor: Horde

CVE Published: 17 September 2009

What is CVE-2009-3236?

A vulnerability exists in the Horde Application Framework and related products due to improper handling of temporary filenames during file uploads. This allows authorized remote attackers with write access to the address book to overwrite arbitrary files and potentially execute PHP code through specially crafted Horde_Form_Type_image form fields. Users of affected versions are strongly advised to upgrade to the latest releases to mitigate this risk.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
