Object Injection Vulnerability in Horde Util Library
CVE-2014-1691

Currently unrated

Key Information:

Vendor

Horde

CVE Published:
1 April 2014

What is CVE-2014-1691?

In versions of the Horde framework prior to 5.1.1, the Util library mishandles serialized objects. The flaw allows remote attackers to conduct object injection attacks, potentially leading to the execution of arbitrary PHP code. By supplying a crafted serialized object in the _formvars form, an attacker can cause the application to execute unintended commands, compromising the integrity of the affected system.

EPSS Score

42% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
