Remote code execution vulnerability in Horde Groupware Webmail Edition by Horde Group
CVE-2022-30287
8 HIGH
What is CVE-2022-30287?
Horde Groupware Webmail Edition up to version 5.2.22 is susceptible to a reflection injection vulnerability that lets an attacker instantiate a driver class. This leads to arbitrary deserialization of PHP objects, potentially allowing the attacker to execute harmful code. Proper input validation and sanitization are crucial to preventing exploitation of this vulnerability.
References
EPSS Score
70% chance of being exploited in the next 30 days.
CVSS V3.1
Score: 8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
