Lucene search

[email protected]CVE-2009-3236

HistorySep 17, 2009 - 10:30 a.m.

CVE-2009-3236

2009-09-1710:30:01

[email protected]

web.nvd.nist.gov

cve-2009-3236

horde application framework

remote code execution

php

security vulnerability

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.9

Confidence

Low

EPSS

0.006

Percentile

78.9%

JSON

The form library in Horde Application Framework 3.2 before 3.2.5 and 3.3 before 3.3.5; Groupware 1.1 before 1.1.6 and 1.2 before 1.2.4; and Groupware Webmail Edition 1.1 before 1.1.6 and 1.2 before 1.2.4; reuses temporary filenames during the upload process which allows remote attackers, with privileges to write to the address book, to overwrite arbitrary files and execute PHP code via crafted Horde_Form_Type_image form field elements.

Affected configurations

NVD

Node

hordeapplication_frameworkMatch3.2

hordeapplication_frameworkMatch3.2.1

hordeapplication_frameworkMatch3.2.2

hordeapplication_frameworkMatch3.2.3

hordeapplication_frameworkMatch3.2.4

hordeapplication_frameworkMatch3.3

hordeapplication_frameworkMatch3.3.1

hordeapplication_frameworkMatch3.3.2

hordeapplication_frameworkMatch3.3.3

hordeapplication_frameworkMatch3.3.4

hordegroupwareMatch1.1

hordegroupwareMatch1.1.1

hordegroupwareMatch1.1.2

hordegroupwareMatch1.1.3

hordegroupwareMatch1.1.4

hordegroupwareMatch1.1.5

hordegroupwareMatch1.2

hordegroupwareMatch1.2rc1

hordegroupwareMatch1.2.1

hordegroupwareMatch1.2.2

hordegroupwareMatch1.2.3

Node

hordegroupwareMatch1.1

hordegroupwareMatch1.1rc1

hordegroupwareMatch1.1rc2

hordegroupwareMatch1.1rc3

hordegroupwareMatch1.1rc4

hordegroupwareMatch1.1.1

hordegroupwareMatch1.1.2

hordegroupwareMatch1.1.3

hordegroupwareMatch1.1.4

hordegroupwareMatch1.1.5

hordegroupwareMatch1.2

hordegroupwareMatch1.2rc1

hordegroupwareMatch1.2.1

hordegroupwareMatch1.2.2

hordegroupwareMatch1.2.3

hordegroupwareMatch1.2.3rc1

VendorProductVersionCPE
hordegroupware1.1.5cpe:/a:horde:groupware:1.1.5:::
hordeapplication_framework3.3cpe:/a:horde:application_framework:3.3:::
hordegroupware1.1.2cpe:/a:horde:groupware:1.1.2:::
hordegroupware1.2cpe:/a:horde:groupware:1.2:rc1::
hordeapplication_framework3.2cpe:/a:horde:application_framework:3.2:::
hordegroupware1.2.2cpe:/a:horde:groupware:1.2.2:::
hordegroupware1.1.4cpe:/a:horde:groupware:1.1.4:::
hordeapplication_framework3.2.2cpe:/a:horde:application_framework:3.2.2:::
hordeapplication_framework3.2.4cpe:/a:horde:application_framework:3.2.4:::
hordegroupware1.1.1cpe:/a:horde:groupware:1.1.1:::

Vendor	Product	Version	CPE
horde	groupware	1.1.5	cpe:/a:horde:groupware:1.1.5:::
horde	application_framework	3.3	cpe:/a:horde:application_framework:3.3:::
horde	groupware	1.1.2	cpe:/a:horde:groupware:1.1.2:::
horde	groupware	1.2	cpe:/a:horde:groupware:1.2:rc1::
horde	application_framework	3.2	cpe:/a:horde:application_framework:3.2:::
horde	groupware	1.2.2	cpe:/a:horde:groupware:1.2.2:::
horde	groupware	1.1.4	cpe:/a:horde:groupware:1.1.4:::
horde	application_framework	3.2.2	cpe:/a:horde:application_framework:3.2.2:::
horde	application_framework	3.2.4	cpe:/a:horde:application_framework:3.2.4:::
horde	groupware	1.1.1	cpe:/a:horde:groupware:1.1.1:::