Trojan Horse Vulnerability in Horde Groupware Products
CVE-2012-0209

Currently unrated

Key Information:

Vendor

Horde

Vendor
CVE Published:
25 September 2012

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC๐ŸŸฃ EPSS 71%

What is CVE-2012-0209?

The identified vulnerability involves a malicious modification introduced into Horde 3.3.12 and its Groupware editions, specifically within the 'templates/javascript/open_calendar.js' file. This modification enables attackers to remotely execute arbitrary PHP code, posing significant security risks. The affected versions were distributed via FTP between November 2011 and February 2012, highlighting the urgent need for users to address this threat to safeguard their applications from exploitation.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

References

EPSS Score

71% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability Reserved

  • Vulnerability published

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

.