OS Command Injection Vulnerability in Horde Groupware Webmail Edition by Horde
CVE-2017-7414
7.5 HIGH
What is CVE-2017-7414?
The vulnerability arises in Horde_Crypt prior to version 2.7.6, affecting users of Horde Groupware Webmail Edition 5.x up to 5.2.17. If users enable PGP features in their preferences, particularly the automatic verification of PGP signed messages, an attacker can exploit this flaw. By sending a maliciously crafted PGP signed email, the attacker can execute OS commands on the user's server when the email is viewed or previewed, posing a significant risk to the system's integrity and data security.
