CVE-2001-1258 — IMP vulnerability

2 documents2 sources

Severity

3.6LOWNVD

EPSS

0.1%

top 70.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Horde IMP

Timeline

PublishedJul 21

Latest updateApr 30

Description

Horde Internet Messaging Program (IMP) before 2.2.6 allows local users to read IMP configuration files and steal the Horde database password by placing the prefs.lang file containing PHP code on the server.

CVSS vector

AV:L/AC:L/C:P/I:P/A:NExploitability: 3.9 | Impact: 4.9

Affected Packages1 packages

▶NVDhorde/imp7 versions+6

Patches

Patch: www.debian.org ↗Patch: www.debian.org ↗

🔴Vulnerability Details

GHSA

GHSA-grxv-g75f-w57w: Horde Internet Messaging Program (IMP) before 2↗2022-04-30

▶