Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.5
CVSSv2

CVE-2020-8865

Published: 23/03/2020 Updated: 07/10/2022
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
CVSS v3 Base Score: 6.3 | Impact Score: 3.4 | Exploitability Score: 2.8
VMScore: 660
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Subscribe to Horde

Vulnerability Summary

This vulnerability allows remote malicious users to execute local PHP files on affected installations of Horde Groupware Webmail Edition 5.2.22. Authentication is required to exploit this vulnerability. The specific flaw exists within edit.php. When parsing the params[template] parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the www-data user. Was ZDI-CAN-10469.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

horde groupware 5.2.22

debian debian linux 8.0

Vendor Advisories

Debian CVElist Bug Report Logs: php-horde-trean: CVE-2020-8865
Debian Bug report logs - #955019 php-horde-trean: CVE-2020-8865 Package: src:php-horde-trean; Maintainer for src:php-horde-trean is Horde Maintainers <team+debian-horde-team@trackerdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 26 Mar 2020 20:57:01 UTC Severity: important Tags: securit ...

Exploits

Exploit DB: Horde Groupware Webmail Edition 5.2.22 - PHAR Loading
## exploit-phar-loadingpy #!/usr/bin/env python3 from horde import Horde import requests import subprocess import sys TEMP_DIR = '/tmp' WWW_ROOT = '/var/www/html' if len(sysargv) < 5: print('Usage: <base_url> <username> <password> <filename> <php_code>') sysexit(1) base_url = sysargv[1] username = sys ...
Exploit DB: Horde Groupware Webmail Edition 5.2.22 - PHP File Inclusion
## exploit-inc-inclusionpy #!/usr/bin/env python3 from horde import Horde import subprocess import sys TEMP_DIR = '/tmp' if len(sysargv) < 5: print('Usage: <base_url> <username> <password> <filename> <php_code>') sysexit(1) base_url = sysargv[1] username = sysargv[2] password = sysargv[3] filename = ...

References

CWE-22https://www.zerodayinitiative.com/advisories/ZDI-20-276/https://lists.debian.org/debian-lts-announce/2020/04/msg00009.htmlhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=955019https://nvd.nist.govhttps://www.exploit-db.com/exploits/48210
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
deserializationCVE-2024-4040cross-site scriptingCVE-2023-25790CVE-2024-2961XML external entityCVE-2024-26926CVE-2024-32806CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook