Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-1474: Argument Injection in Application Framework

4 documents, 4 sources
Severity: 6.8 MEDIUM (NVD)
EPSS: 1.7% (top 17.60%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline: Published Mar 16; latest update May 1

Description

Argument injection vulnerability in the cleanup cron script in Horde Project Horde and IMP before Horde Application Framework 3.1.4 allows local users to delete arbitrary files and possibly gain privileges via multiple space-delimited pathnames.

CVSS vector

AV:N/AC:M/C:P/I:P/A:P
Exploitability: 8.6 | Impact: 6.4

Affected Packages (2 packages)

NVD: horde/horde_application_framework: 3.0.0, 3.0.4, 3.1.3 (+2)
NVD: horde/imp: 21 versions (+20)

Patches

🔴Vulnerability Details

1
GHSA
GHSA-j5cq-w784-xr7r: Argument injection vulnerability in the cleanup cron script in Horde Project Horde and IMP before Horde Application Framework 3 (2022-05-01)

💥Exploits & PoCs

1
Exploit-DB
Horde Framework and IMP 2.x/3.x - Cleanup Cron Script Arbitrary File Deletion (2007-03-15)

💬Community

1
Bugzilla
CVE-2007-1473, CVE-2007-1474: horde < 3.1.4 vulnerabilities (2007-03-18)