Directory traversal vulnerability in Horde 3.1.6, Groupware prior to 1.0.5, and Groupware Webmail Edition prior to 1.0.6, when running with certain configurations, allows remote authenticated users to read and execute arbitrary files via ".." sequences and a null byte in the theme name.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
horde groupware webmail edition |
||
horde horde 3.1.6 |
||
horde groupware |