|
|||
Rule General Information |
---|
Release Date: | 2020-03-25 | |
Rule Name: | Horde CSV import arbitrary PHP code execution Vulnerability (CVE-2020-8518) | |
Severity: | ||
CVE ID: | ||
Rule Protection Details |
---|
Description: | Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary PHP code via CSV data, leading to remote code execution. | |
Impact: | An attacker can execute arbitrary code via a successful exploit in the context of the vulnerable software. | |
Affected OS: | Windows, Others | |
Reference: | http://packetstormsecurity.com/files/156872/Horde-5.2.22-CSV-Import-Code-Execution.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2PRPIFQDGYPQ3F2TF2ETPIL7IYNSVVZQ/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKTNYDBDVJNMVC7QPXQI7CMPLX3USZ2T/ https://lists.horde.org/archives/announce/2020/001285.html |
|
Solutions |
---|
The vendors have released upgrade patches to fix vulnerabilities, please visit: https://bodhi.fedoraproject.org/updates/FEDORA-2020-0248ad925e |