'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>
 
   
 

vul_app:Horde_Groupware_Webmail_Edition_Arbitrary_PHP_Code_Injection(Rule ID:1070210124)

Release Date2025/9/15

Rule NameCVE-2020-8518: Horde Groupware Webmail Edition arbitrary PHP code injection

Severity:critical

CVE IDCVE-2020-8518

 

Descripiton

Horde Groupware Webmail is a set of browser-based enterprise communication suites of Horde Corporation. Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary PHP code via CSV data, leading to remote code execution. This rule supports to defend the A6: Vulnerable and Outdated Components of OWASP Top 10 - 2021.
Other reference:None

 

Solution

Update vendor patches.