Lucene search

ZdiCVE-2020-8865

HistoryMar 23, 2020 - 9:15 p.m.

CVE-2020-8865

2020-03-2321:15:12

CWE-23

CWE-22

zdi

web.nvd.nist.gov

vulnerability

cve-2020-8865

remote code execution

horde groupware webmail

webmail

authentication

zdi-can-10469

nvd

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS3

6.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

AI Score

6.3

Confidence

High

EPSS

0.003

Percentile

71.3%

JSON

This vulnerability allows remote attackers to execute local PHP files on affected installations of Horde Groupware Webmail Edition 5.2.22. Authentication is required to exploit this vulnerability. The specific flaw exists within edit.php. When parsing the params[template] parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the www-data user. Was ZDI-CAN-10469.

Affected configurations

Nvd

Vulners

Node

hordegroupwareMatch5.2.22webmail

Node

debiandebian_linuxMatch8.0

VendorProductVersionCPE
hordegroupware5.2.22cpe:2.3:a:horde:groupware:5.2.22:*:*:*:webmail:*:*:*
debiandebian_linux8.0cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
horde	groupware	5.2.22	cpe:2.3:a:horde:groupware:5.2.22::::webmail:::
debian	debian_linux	8.0	cpe:2.3:o:debian:debian_linux:8.0:::::::*

CNA Affected

[
  {
    "product": "Groupware Webmail Edition",
    "vendor": "Horde",
    "versions": [
      {
        "status": "affected",
        "version": "5.2.22"
      }
    ]
  }
]