Here RCE is performed over Horde Groupware.On affected Horde Groupware Webmail Edition 5.2.22 installations, this vulnerability enables remote attackers to build arbitrary files.To take advantage of this flaw, you’ll need to be authenticated.The basic vulnerability is found in the php file.The problem stems from a lack of proper validation of user-supplied data, which allows arbitrary files to be uploaded.
Mitigation / Precaution
- We recommend you to Sanitize user inputs.
- In order to patch this vulnerability, please install the official patch Horde Groupware made available for supported, vulnerable instances.We suggest that you update Horde Groupware Webmail to a version greater than 5.2.22 in order to fix this vulnerability.
Automated human-like penetration testing for your web apps & APIs
Teams using Beagle Security are set up in minutes, embrace release-based CI/CD security testing and save up to 65% with timely remediation of vulnerabilities. Sign up for a free account to see what it can do for you.