Back to CVE Browser

CVE-2020-8518

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.0060%

EPSS Percentile43.27th

PublishedFeb 17, 2020

Last ModifiedNov 21, 2024

Vulnerability Description

Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary PHP code via CSV data, leading to remote code execution.

Affected Platforms (CPE)

📦

Horde

Groupware

= 5.2.22

💻

Fedoraproject

Fedora

= 30

💻

Fedoraproject

Fedora

= 31

💻

Debian

Debian Linux

= 8.0

References & Advisories

🔗 http://packetstormsecurity.com/files/156872/Horde-5.2.22-CSV-Import-Code-Execution.html

🔗 https://lists.debian.org/debian-lts-announce/2020/04/msg00008.html

🔗 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PRPIFQDGYPQ3F2TF2ETPIL7IYNSVVZQ/

🔗 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKTNYDBDVJNMVC7QPXQI7CMPLX3USZ2T/

🔗 https://lists.horde.org/archives/announce/2020/001285.html

🔗 http://packetstormsecurity.com/files/156872/Horde-5.2.22-CSV-Import-Code-Execution.html

🔗 https://lists.debian.org/debian-lts-announce/2020/04/msg00008.html

🔗 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PRPIFQDGYPQ3F2TF2ETPIL7IYNSVVZQ/

Related Vulnerabilities

CVE-2008-721910.0

Horde Kronolith H3 2.1 before 2.1.7 and 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2....

CVE-2008-721810.0

Unspecified vulnerability in the Horde API in Horde 3.1 before 3.1.6 and 3.2 before 3.2 before 3.2-RC2; Turba H3 2.1 before 2.1.6 ...

CVE-2005-364010.0

Multiple buffer overflows in the IMAP Groupware Mail server of Floosietek FTGate (FTGate4) 4.1 allow remote attackers to execute a...

CVE-2019-199079.8

HrAddFBBlock in libfreebusy/freebusyutil.cpp in Kopano Groupware Core before 8.7.7 allows out-of-bounds access, as demonstrated by...