Back to search
CVE-2009-3236
Published: Sep 17, 2009
Modified: Aug 7, 2024
PUBLISHED
Description
The form library in Horde Application Framework 3.2 before 3.2.5 and 3.3 before 3.3.5; Groupware 1.1 before 1.1.6 and 1.2 before 1.2.4; and Groupware Webmail Edition 1.1 before 1.1.6 and 1.2 before 1.2.4; reuses temporary filenames during the upload process which allows remote attackers, with privileges to write to the address book, to overwrite arbitrary files and execute PHP code via crafted Horde_Form_Type_image form field elements.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
58107
vdb-entry
x_refsource_OSVDB
36882
third-party-advisory
x_refsource_SECUNIA
[horde-announce] 20090914 [announce] Horde Groupware 1.2.4 (final)
mailing-list
x_refsource_MLIST
36665
third-party-advisory
x_refsource_SECUNIA
DSA-1897
vendor-advisory
x_refsource_DEBIAN
[horde-announce] 20090914 [announce] Horde Groupware Webmail Edition 1.1.6 (final)
mailing-list
x_refsource_MLIST
[horde-announce] 20090914 [announce] Horde Groupware Webmail Edition 1.2.4 (final)
mailing-list
x_refsource_MLIST
[horde-announce] 20090914 [announce] [SECURITY] Horde 3.2.5 (final)
mailing-list
x_refsource_MLIST
[horde-announce] 20090914 [announce] [SECURITY] Horde 3.3.5 (final)
mailing-list
x_refsource_MLIST
horde-application-form-file-overwrite(53202)
vdb-entry
x_refsource_XF
[horde-announce] 20090914 [announce] Horde Groupware 1.1.6 (final)
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now