CVE-2015-7984
Horde Groupware 5.2.10 - Cross-Site Request Forgery
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
Multiple cross-site request forgery (CSRF) vulnerabilities in Horde before 5.2.8, Horde Groupware before 5.2.11, and Horde Groupware Webmail Edition before 5.2.11 allow remote attackers to hijack the authentication of administrators for requests that execute arbitrary (1) commands via the cmd parameter to admin/cmdshell.php, (2) SQL queries via the sql parameter to admin/sqlshell.php, or (3) PHP code via the php parameter to admin/phpshell.php.
Múltiples vulnerabilidades de CSRF en Horde en versiones anteriores a 5.2.8, Horde Groupware en versiones anteriores a 5.2.11 y Horde Groupware Webmail Edition en versiones anteriores a 5.2.11 permite a atacantes remotos secuestrar la autenticación de administradores para peticiones que ejecutan (1) comandos a través del parámetro cmd a admin/cmdshell.php, (2) consultas SQL a través del parámetro sql a admin/sqlshell.php o (3) código PHP a través del parámetro php a admin/phpshell.php arbitrarios.
Horde Groupware version 5.2.10 suffers from a cross site request forgery vulnerability.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2015-10-26 CVE Reserved
- 2015-11-19 CVE Published
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- 2024-10-26 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-352: Cross-Site Request Forgery (CSRF)
CAPEC
References (6)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/38765 | 2024-08-06 | |
| https://www.htbridge.com/advisory/HTB23272 | 2024-08-06 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://lists.horde.org/archives/announce/2015/001124.html | 2021-05-19 | |
| http://lists.horde.org/archives/announce/2015/001137.html | 2021-05-19 | |
| http://lists.horde.org/archives/announce/2015/001138.html | 2021-05-19 | |
| http://www.debian.org/security/2015/dsa-3391 | 2021-05-19 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Horde Search vendor "Horde" | Groupware Search vendor "Horde" for product "Groupware" | >= 5.0.0 < 5.2.11 Search vendor "Horde" for product "Groupware" and version " >= 5.0.0 < 5.2.11" | - |
Affected
| ||||||
| Horde Search vendor "Horde" | Groupware Search vendor "Horde" for product "Groupware" | >= 5.0.0 < 5.2.11 Search vendor "Horde" for product "Groupware" and version " >= 5.0.0 < 5.2.11" | webmail |
Affected
| ||||||
| Horde Search vendor "Horde" | Horde Application Framework Search vendor "Horde" for product "Horde Application Framework" | >= 5.0.0 < 5.2.8 Search vendor "Horde" for product "Horde Application Framework" and version " >= 5.0.0 < 5.2.8" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||