Object Injection Vulnerability in Horde Util Library
CVE-2014-1691
Currently unrated
What is CVE-2014-1691?
In versions of the Horde framework prior to 5.1.1, a vulnerability exists within the Util library's handling of serialized objects. This security flaw allows remote attackers to exploit object injection attacks, potentially leading to the execution of arbitrary PHP code. By crafting a malicious serialized object in the _formvars form, an attacker can manipulate the application to execute unintended commands, significantly impacting the security integrity of the affected system.
