Lucene search

MitreCVE-2008-0807

HistoryFeb 19, 2008 - 1:00 a.m.

CVE-2008-0807

2008-02-1901:00:00

CWE-264

mitre

web.nvd.nist.gov

cve-2008-0807

turba contact manager

remote exploit

access rights issue

address book modification

CVSS2

4.9

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:P/A:N

AI Score

5.9

Confidence

Low

EPSS

0.002

Percentile

57.8%

JSON

lib/Driver/sql.php in Turba 2 (turba2) Contact Manager H3 2.1.x before 2.1.7 and 2.2.x before 2.2-RC3, as used in products such as Horde Groupware before 1.0.4 and Horde Groupware Webmail Edition before 1.0.5, does not properly check access rights, which allows remote authenticated users to modify address data via a modified object_id parameter to edit.php, as demonstrated by modifying a personal address book entry when there is write access to a shared address book.

Affected configurations

Nvd

Node

debiandebian_linuxMatch4.0

debiandebian_linuxMatch4.0alpha

debiandebian_linuxMatch4.0amd64

debiandebian_linuxMatch4.0arm

debiandebian_linuxMatch4.0hppa

debiandebian_linuxMatch4.0ia-32

debiandebian_linuxMatch4.0ia-64

debiandebian_linuxMatch4.0m68k

debiandebian_linuxMatch4.0mips

debiandebian_linuxMatch4.0mipsel

debiandebian_linuxMatch4.0powerpc

debiandebian_linuxMatch4.0s-390

debiandebian_linuxMatch4.0sparc

AND

hordegroupwareMatch1.0.3

hordegroupware_webmail_editionMatch1.0.4

hordeturba_contact_managerMatch2.1.6

VendorProductVersionCPE
debiandebian_linux4.0cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
debiandebian_linux4.0cpe:2.3:o:debian:debian_linux:4.0:*:alpha:*:*:*:*:*
debiandebian_linux4.0cpe:2.3:o:debian:debian_linux:4.0:*:amd64:*:*:*:*:*
debiandebian_linux4.0cpe:2.3:o:debian:debian_linux:4.0:*:arm:*:*:*:*:*
debiandebian_linux4.0cpe:2.3:o:debian:debian_linux:4.0:*:hppa:*:*:*:*:*
debiandebian_linux4.0cpe:2.3:o:debian:debian_linux:4.0:*:ia-32:*:*:*:*:*
debiandebian_linux4.0cpe:2.3:o:debian:debian_linux:4.0:*:ia-64:*:*:*:*:*
debiandebian_linux4.0cpe:2.3:o:debian:debian_linux:4.0:*:m68k:*:*:*:*:*
debiandebian_linux4.0cpe:2.3:o:debian:debian_linux:4.0:*:mips:*:*:*:*:*
debiandebian_linux4.0cpe:2.3:o:debian:debian_linux:4.0:*:mipsel:*:*:*:*:*

Vendor	Product	Version	CPE
debian	debian_linux	4.0	cpe:2.3:o:debian:debian_linux:4.0:::::::*
debian	debian_linux	4.0	cpe:2.3:o:debian:debian_linux:4.0::alpha:::::
debian	debian_linux	4.0	cpe:2.3:o:debian:debian_linux:4.0::amd64:::::
debian	debian_linux	4.0	cpe:2.3:o:debian:debian_linux:4.0::arm:::::
debian	debian_linux	4.0	cpe:2.3:o:debian:debian_linux:4.0::hppa:::::
debian	debian_linux	4.0	cpe:2.3:o:debian:debian_linux:4.0::ia-32:::::
debian	debian_linux	4.0	cpe:2.3:o:debian:debian_linux:4.0::ia-64:::::
debian	debian_linux	4.0	cpe:2.3:o:debian:debian_linux:4.0::m68k:::::
debian	debian_linux	4.0	cpe:2.3:o:debian:debian_linux:4.0::mips:::::
debian	debian_linux	4.0	cpe:2.3:o:debian:debian_linux:4.0::mipsel:::::