
CVSS: 8.8 • EPSS: 94% • CPEs: 4 • EXPL: 2

Remote code execution was discovered in Horde Groupware Webmail 5.2.22 and 5.2.17. Horde/Form/Type.php contains a vulnerable class that handles image upload in forms. When the Horde_Form_Type_image method onSubmit() is called on uploads, it invokes the functions getImage() and _getUpload(), which uses unsanitized user input as a path to save the image. The unsanitized POST parameter object[photo][img][file] is saved in the $upload[img][file] PHP variable, allowing an attacker to manipulate the $tmp_file passed to move_uploaded_file() to save the uploaded file. By setting the parameter to (for example) ..

References:
http://packetstormsecurity.com/files/152476/Horde-Form-Shell-Upload.html
https://lists.debian.org/debian-lts-announce/2019/06/msg00007.html
https://seclists.org/bugtraq/2019/Jun/31
https://ssd-disclosure.com/?p=3814&preview=true
https://www.debian.org/security/2019/dsa-4468
https://www.ratiosec.com/2019/horde-groupware-webmail-authenticated-arbitrary-file-injection-to-rce

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 9.0 • EPSS: 94% • CPEs: 1 • EXPL: 0

In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition through 5.2.17, OS Command Injection can occur if the attacker is an authenticated Horde Webmail user, has PGP features enabled in their preferences, and attempts to encrypt an email addressed to a maliciously crafted email address.

References:
https://lists.debian.org/debian-lts-announce/2018/06/msg00006.html
https://lists.horde.org/archives/horde/Week-of-Mon-20170403/056767.html

CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')