Vulnerability
Here RCE is performed over Horde Groupware.On affected Horde Groupware Webmail Edition 5.2.22 installations, this vulnerability enables remote attackers to build arbitrary files.To take advantage of this flaw, you’ll need to be authenticated.The basic vulnerability is found in the php file.The problem stems from a lack of proper validation of user-supplied data, which allows arbitrary files to be uploaded.
Mitigation / Precaution
- We recommend you to Sanitize user inputs.
- In order to patch this vulnerability, please install the official patch Horde Groupware made available for supported, vulnerable instances.We suggest that you update Horde Groupware Webmail to a version greater than 5.2.22 in order to fix this vulnerability.
Written by
Experience the Beagle Security platform
Unlock one full penetration test and all Advanced plan features free for 10 days
