File Overwrite Vulnerability in Horde Application Framework and Groupware Products
CVE-2009-3236
Currently unrated
Key Information:
- Vendor: Horde
- CVE Published: 17 September 2009
What is CVE-2009-3236?
A vulnerability exists in the Horde Application Framework and related products due to improper handling of temporary filenames during file uploads. This allows authorized remote attackers with write access to the address book to overwrite arbitrary files and potentially execute PHP code through specially crafted Horde_Form_Type_image form fields. Users of affected versions are strongly advised to upgrade to the latest releases to mitigate this risk.
