Executive Summary

Titlephp-horde-form security update
NameDSA-4468First vendor Publication2019-06-21
VendorDebianLast vendor Modification2019-06-21
Severity (Vendor) N/ARevision1

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:S/C:P/I:P/A:P)
Cvss Base Score6.5Attack RangeNetwork
Cvss Impact Score6.4Attack ComplexityLow
Cvss Expoit Score8AuthenticationRequires single instance
Calculate full CVSS 2.0 Vectors scores


A path traversal vulnerability due to an unsanitized POST parameter was discovered in php-horde-form, a package providing form rendering, validation, and other functionality for the Horde Application Framework. An attacker can take advantage of this flaw for remote code execution.

For the stable distribution (stretch), this problem has been fixed in version 2.0.15-1+deb9u1.

We recommend that you upgrade your php-horde-form packages.

For the detailed security status of php-horde-form please refer to its security tracker page at: https://security-tracker.debian.org/tracker/php-horde-form

Original Source

Url : http://www.debian.org/security/2019/dsa-4468

CWE : Common Weakness Enumeration

100 %CWE-94Failure to Control Generation of Code ('Code Injection')

CPE : Common Platform Enumeration


Snort® IPS/IDS

2019-05-09Horde Groupware Webmail Contact Management add.php arbitrary PHP file upload ...
RuleID : 49714 - Revision : 1 - Type : SERVER-WEBAPP

Alert History

If you want to see full details history, please login or register.
2019-06-21 13:18:36
  • First insertion