Lucene search

PRIOn knowledge basePRION:CVE-2020-8518

HistoryFeb 17, 2020 - 3:15 p.m.

Design/Logic Flaw

2020-02-1715:15:00

PRIOn knowledge base

www.prio-n.com

9.9 High

AI Score

Confidence

High

0.965 High

EPSS

Percentile

99.6%

Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary PHP code via CSV data, leading to remote code execution.

CPENameOperatorVersion
debian_linuxeq8.0
fedoraeq30
fedoraeq31
groupwareeq5.2.22

Name	Operator	Version
debian_linux	eq	8.0
fedora	eq	30
fedora	eq	31
groupware	eq	5.2.22

References

packetstormsecurity.com/files/156872/Horde-5.2.22-CSV-Import-Code-Execution.html

lists.debian.org/debian-lts-announce/2020/04/msg00008.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PRPIFQDGYPQ3F2TF2ETPIL7IYNSVVZQ/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKTNYDBDVJNMVC7QPXQI7CMPLX3USZ2T/

lists.horde.org/archives/announce/2020/001285.html