Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4
CVSSv2

CVE-2020-8866

Published: 23/03/2020 Updated: 07/10/2022
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 410
Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N
Subscribe to Horde

Vulnerability Summary

This vulnerability allows remote malicious users to create arbitrary files on affected installations of Horde Groupware Webmail Edition 5.2.22. Authentication is required to exploit this vulnerability. The specific flaw exists within add.php. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the www-data user. Was ZDI-CAN-10125.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

horde groupware 5.2.22

horde horde form

debian debian linux 8.0

Vendor Advisories

Debian CVElist Bug Report Logs: php-horde-form: CVE-2020-8866
Debian Bug report logs - #955020 php-horde-form: CVE-2020-8866 Package: src:php-horde-form; Maintainer for src:php-horde-form is Horde Maintainers <team+debian-horde-team@trackerdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 26 Mar 2020 21:15:01 UTC Severity: important Tags: security, ...

Exploits

Exploit DB: Horde Groupware Webmail Edition 5.2.22 - PHAR Loading
## exploit-phar-loadingpy #!/usr/bin/env python3 from horde import Horde import requests import subprocess import sys TEMP_DIR = '/tmp' WWW_ROOT = '/var/www/html' if len(sysargv) < 5: print('Usage: <base_url> <username> <password> <filename> <php_code>') sysexit(1) base_url = sysargv[1] username = sys ...
Exploit DB: Horde Groupware Webmail Edition 5.2.22 - PHP File Inclusion
## exploit-inc-inclusionpy #!/usr/bin/env python3 from horde import Horde import subprocess import sys TEMP_DIR = '/tmp' if len(sysargv) < 5: print('Usage: <base_url> <username> <password> <filename> <php_code>') sysexit(1) base_url = sysargv[1] username = sysargv[2] password = sysargv[3] filename = ...

References

CWE-434https://www.zerodayinitiative.com/advisories/ZDI-20-275/https://lists.horde.org/archives/announce/2020/001288.htmlhttps://lists.debian.org/debian-lts-announce/2020/03/msg00036.htmlhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=955020https://nvd.nist.govhttps://www.exploit-db.com/exploits/48210
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-3675CVE-2024-3400CVE-2024-23557mass assignmentCVE-2023-1389local file inclusionCVE-2024-32596file uploadCVE-2024-32593
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook