Back to search
CVE-2015-7984
Published: Nov 19, 2015
Modified: Aug 6, 2024
PUBLISHED
Description
Multiple cross-site request forgery (CSRF) vulnerabilities in Horde before 5.2.8, Horde Groupware before 5.2.11, and Horde Groupware Webmail Edition before 5.2.11 allow remote attackers to hijack the authentication of administrators for requests that execute arbitrary (1) commands via the cmd parameter to admin/cmdshell.php, (2) SQL queries via the sql parameter to admin/sqlshell.php, or (3) PHP code via the php parameter to admin/phpshell.php.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
[announce] 20151021 [SECURITY] Horde 5.2.8 (final)
mailing-list
x_refsource_MLIST
[announce] 20151022 [SECURITY] Horde Groupware Webmail Edition 5.2.11 (final)
mailing-list
x_refsource_MLIST
38765
exploit
x_refsource_EXPLOIT-DB
DSA-3391
vendor-advisory
x_refsource_DEBIAN
[announce] 20151022 [SECURITY] Horde Groupware 5.2.11 (final)
mailing-list
x_refsource_MLIST
https://www.htbridge.com/advisory/HTB23272
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now