CVE-2014-1691

Published: Apr 1, 2014

Modified: Aug 6, 2024

PUBLISHED

Description

The framework/Util/lib/Horde/Variables.php script in the Util library in Horde before 5.1.1 allows remote attackers to conduct object injection attacks and execute arbitrary PHP code via a crafted serialized object in the _formvars form.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/horde/horde/blob/82c400788537cfc0106b68447789ff53793ac086/bundles/groupware/docs/CHANGES#L215

x_refsource_CONFIRM

[oss-security] 20140128 Re: Remote code execution in horde < 5.1.1

mailing-list

x_refsource_MLIST

[oss-security] 20140128 Remote code execution in horde < 5.1.1

mailing-list

x_refsource_MLIST

[oss-security] 20140129 Re: Remote code execution in horde < 5.1.1

mailing-list

x_refsource_MLIST

DSA-2853

vendor-advisory

x_refsource_DEBIAN

https://github.com/horde/horde/commit/da6afc7e9f4e290f782eca9dbca794f772caccb3

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2014-1691

Description

Affected Products

References