CVE-2009-0932

Directory traversal vulnerability in framework/Image/Image.php in Horde before 3.2.4 and 3.3.3 and Horde Groupware before 1.1.5 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Horde_Image driver name.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:debian:horde:3.2.2:*:*:*:*:*:*:*
cpe:2.3:a:debian:horde:3.3:*:*:*:*:*:*:*
cpe:2.3:a:debian:horde_groupware:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:debian:horde_groupware:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:debian:horde:3.2:*:*:*:*:*:*:*
cpe:2.3:a:debian:horde:3.2.3:*:*:*:*:*:*:*
cpe:2.3:a:debian:horde_groupware:1.1.3:*:*:*:*:*:*:*
cpe:2.3:a:debian:horde_groupware:1.1.4:*:*:*:*:*:*:*
cpe:2.3:a:debian:horde:3.3.1:*:*:*:*:*:*:*
cpe:2.3:a:debian:horde:3.3.2:*:*:*:*:*:*:*

Information

Published : 2009-03-17 14:30

Updated : 2011-09-21 20:07


NVD link : CVE-2009-0932

Mitre link : CVE-2009-0932


JSON object : View

CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Advertisement

dedicated server usa

Products Affected

debian

  • horde
  • horde_groupware