Lucene search
Andrea CardaciZDI-20-276HistoryMar 10, 2020 - 12:00 a.m.
Horde Groupware Webmail Edition edit Page Directory Traversal Remote Code Execution Vulnerability
2020-03-1000:00:00
Andrea Cardaci
www.zerodayinitiative.com
16
EPSS
0.003
Percentile
71.3%
This vulnerability allows remote attackers to execute local PHP files on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within edit.php. When parsing the params[template] parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the www-data user.
Related
ubuntucve
ubuntucve
CVE-2020-8865
2020-03-23 00:00:00
osv
osv
php-horde-trean - security update
2020-04-14 00:00:00
CVE-2020-8865
2020-03-23 21:15:12
cve
cve
CVE-2020-8865
2020-03-23 21:15:12
prion
prion
Design/Logic Flaw
2020-03-23 21:15:00
openvas
openvas
Debian: Security Advisory (DLA-2175-1)
2020-04-16 00:00:00
debiancve
debiancve
CVE-2020-8865
2020-03-23 21:15:12
nessus
nessus
Debian DLA-2175-1 : php-horde-trean security update
2020-04-15 00:00:00
cvelist
cvelist
CVE-2020-8865
2020-03-23 20:15:17
nvd
nvd
CVE-2020-8865
2020-03-23 21:15:12
debian
debian
[SECURITY] [DLA 2175-1] php-horde-trean security update
2020-04-15 03:03:16
packetstorm
packetstorm
Horde Groupware Webmail Edition 5.2.22 PHAR Loading
2020-03-12 00:00:00
Horde Groupware Webmail Edition 5.2.22 PHP File Inclusion
2020-03-12 00:00:00
exploitdb
exploitdb
Horde Groupware Webmail Edition 5.2.22 - PHAR Loading
2020-03-11 00:00:00
Horde Groupware Webmail Edition 5.2.22 - PHP File Inclusion
2020-03-11 00:00:00
zdt
zdt
Horde Groupware Webmail Edition 5.2.22 - PHP File Inclusion Exploit
2020-03-12 00:00:00
Horde Groupware Webmail Edition 5.2.22 - PHAR Loading Exploit
2020-03-12 00:00:00