Multiple cross-site request forgery (CSRF) vulnerabilities in Horde prior to 5.2.8, Horde Groupware prior to 5.2.11, and Horde Groupware Webmail Edition prior to 5.2.11 allow remote malicious users to hijack the authentication of administrators for requests that execute arbitrary (1) commands via the cmd parameter to admin/cmdshell.php, (2) SQL queries via the sql parameter to admin/sqlshell.php, or (3) PHP code via the php parameter to admin/phpshell.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
horde groupware |
||
horde horde application framework |
||
debian debian linux 8.0 |