CVE-2015-7984

Horde Groupware 5.2.10 - Cross-Site Request Forgery

  • Severity Score (CVSS v2): 6.8
  • Exploit Likelihood (EPSS):
  • Affected Versions (CPE):
  • Public Exploits (Multiple Sources): 2
  • Exploited in Wild (KEV): -
  • Decision (SSVC): -

Descriptions

Multiple cross-site request forgery (CSRF) vulnerabilities in Horde before 5.2.8, Horde Groupware before 5.2.11, and Horde Groupware Webmail Edition before 5.2.11 allow remote attackers to hijack the authentication of administrators for requests that execute arbitrary (1) commands via the cmd parameter to admin/cmdshell.php, (2) SQL queries via the sql parameter to admin/sqlshell.php, or (3) PHP code via the php parameter to admin/phpshell.php.

Horde Groupware version 5.2.10 suffers from a cross site request forgery vulnerability.

*Credits: N/A
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: Medium
  • Authentication: None
  • Confidentiality: Partial
  • Integrity: Partial
  • Availability: Partial
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2015-10-26 CVE Reserved
  • 2015-11-19 CVE Published
  • 2024-08-06 CVE Updated
  • 2024-08-06 First Exploit
  • 2024-10-26 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-352: Cross-Site Request Forgery (CSRF)
CAPEC
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status |
|--------|---------|---------|-------|--------|
| Horde | Groupware | >= 5.0.0 < 5.2.11 | - | Affected |
| Horde | Groupware | >= 5.0.0 < 5.2.11 | webmail | Affected |
| Horde | Horde Application Framework | >= 5.0.0 < 5.2.8 | - | Affected |
| Debian | Debian Linux | 8.0 | - | Affected |