HIGH🇬🇧 English

CVE-2012-0209

CVSS 7.5v2.0pub. 2012-09-25upd. 2026-04-29

Horde 3.3.12, Horde Groupware 1.2.10, and Horde Groupware Webmail Edition 1.2.10, as distributed by FTP between November 2011 and February 2012, contains an externally introduced modification (Trojan Horse) in templates/javascript/open_calendar.js, which allows remote attackers to execute arbitrary PHP code.

oryginał EN
CVSS Vector
AV:N/AC:L/Au:N/C:P/I:P/A:P
  • Horde Groupware

    APP
    Horde
    1.2.10
  • Horde

    APP
    Horde
    3.3.12
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2020-8518CRITICAL9.8ten sam produkt

Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary PHP code via CSV data, leading to remote ...

CVE-2022-30287HIGH8.0ten sam produkt

Horde Groupware Webmail Edition through 5.2.22 allows a reflection injection attack through which an attacker ...

CVE-2013-6364HIGH8.8ten sam produkt

Horde Groupware Webmail Edition has CSRF and XSS when saving search as a virtual address book

CVE-2019-12095HIGH8.8ten sam produkt

Horde Trean, as used in Horde Groupware Webmail Edition through 5.2.22 and other products, allows CSRF, as dem...

CVE-2019-9858HIGH8.8ten sam produkt

Remote code execution was discovered in Horde Groupware Webmail 5.2.22 and 5.2.17. Horde/Form/Type.php contain...