|
|
|||
| Rule General Information |
|---|
| Release Date: | 2020-09-15 | |
| Rule Name: | Horde Groupware Webmail Edition Remote Code Execution Vulnerability | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | This vulnerability allows a remote attacker to execute arbitrary code on an affected Horde Groupware Webmail Edition installation. Use authentication to exploit this vulnerability. The specific flaw exists in Sort.php. When parsing the sortpref parameter, the process cannot correctly verify the data provided by the user, which may lead to the deserialization of untrusted data. An attacker can use this vulnerability to execute code in the context of the www-data user. | |
| Impact: | An attacker could exploit this vulnerability to have unspecified effect. | |
| Affected OS: | Windows, Others | |
| Reference: | https://www.zerodayinitiative.com/advisories/ZDI-20-1051/ |
|
| Solutions |
|---|
| There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product. |