// For flags

CVE-2020-8865

Horde Groupware Webmail Edition edit Page Directory Traversal Remote Code Execution Vulnerability

Severity Score

6.3
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

2
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

This vulnerability allows remote attackers to execute local PHP files on affected installations of Horde Groupware Webmail Edition 5.2.22. Authentication is required to exploit this vulnerability. The specific flaw exists within edit.php. When parsing the params[template] parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the www-data user. Was ZDI-CAN-10469.

Esta vulnerabilidad permite a atacantes remotos ejecutar archivos PHP locales sobre las instalaciones afectadas de Horde Groupware Webmail Edition versión 5.2.22. Es requerida una autenticación para explotar esta vulnerabilidad. El fallo específico se presenta dentro del archivo edit.php. Cuando se analiza el parámetro params[template], el proceso no comprueba apropiadamente una ruta suministrada por el usuario antes de usarla en operaciones de archivo. Un atacante puede aprovechar esto en conjunto con otras vulnerabilidades para ejecutar código en el contexto del usuario www-data. Fue ZDI-CAN-10469.

This vulnerability allows remote attackers to execute local PHP files on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability.
The specific flaw exists within edit.php. When parsing the params[template] parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the www-data user.

Horde Groupware Webmail Edition version 5.2.22 suffers from a PHP file inclusion vulnerability.

*Credits: Andrea Cardaci
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low
Attack Vector
Network
Attack Complexity
Low
Authentication
Single
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2020-02-11 CVE Reserved
  • 2020-03-10 CVE Published
  • 2020-03-11 First Exploit
  • 2024-03-16 EPSS Updated
  • 2024-08-04 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
  • CWE-23: Relative Path Traversal
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Horde
Search vendor "Horde"
Groupware
Search vendor "Horde" for product "Groupware"
5.2.22
Search vendor "Horde" for product "Groupware" and version "5.2.22"
webmail
Affected
Debian
Search vendor "Debian"
Debian Linux
Search vendor "Debian" for product "Debian Linux"
8.0
Search vendor "Debian" for product "Debian Linux" and version "8.0"
-
Affected