Remote code execution vulnerability in Horde Groupware Webmail Edition by Horde Group
CVE-2022-30287

8 HIGH

Key Information:

Vendor: Horde

Status
Vendor
CVE Published: 28 July 2022

What is CVE-2022-30287?

Horde Groupware Webmail Edition up to version 5.2.22 is susceptible to a reflection injection vulnerability that lets an attacker instantiate a driver class. This flaw leads to arbitrary deserialization of PHP objects, potentially allowing the attacker to execute harmful code. Proper validation and sanitization mechanisms are crucial to prevent exploitation of this vulnerability.

EPSS Score

70% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
