CVE-2009-0932
Published 2009-03-17
CVE-2009-0932: Directory traversal vulnerability in framework/Image/Image.php in Horde before 3.2.4 and 3.3.3 and Horde Groupware before 1.1.5 allows remote attackers to…
Priority P353 · medium · 6.4 · CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:N
EXPLOIT
EPSS 41.26% · 98.5th percentile
Directory traversal vulnerability in framework/Image/Image.php in Horde before 3.2.4 and 3.3.3 and Horde Groupware before 1.1.5 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Horde_Image driver name.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | horde | — | — |
| debian | horde | — | — |
| debian | horde | — | — |
| debian | horde | — | — |
| debian | horde | — | — |
| debian | horde | — | — |
| debian | horde_groupware | — | — |
| debian | horde_groupware | — | — |
| debian | horde_groupware | — | — |
| debian | horde_groupware | — | — |
CVSS provenance
nvd · v2.0 · 6.4 · MEDIUM · AV:N/AC:L/Au:N/C:P/I:P/A:N
vendor_redhat · 6.4 · MEDIUM
Red Hat
horde: XSS vulnerability and directory traversal vulnerability
vendor_redhat·2009-01-27·CVSS 6.4
CVE-2009-0932 [MEDIUM] CWE-79 horde: XSS vulnerability and directory traversal vulnerability
Directory traversal vulnerability in framework/Image/Image.php in Horde before 3.2.4 and 3.3.3 and Horde Groupware before 1.1.5 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Horde_Image driver name.
GHSA
GHSA-j5w4-f7qm-4ww8: Directory traversal vulnerability in framework/Image/Image
ghsa_unreviewed·2022-05-02
CVE-2009-0932 [MEDIUM] CWE-22 GHSA-j5w4-f7qm-4ww8: Directory traversal vulnerability in framework/Image/Image
Directory traversal vulnerability in framework/Image/Image.php in Horde before 3.2.4 and 3.3.3 and Horde Groupware before 1.1.5 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Horde_Image driver name.
No detection rules found.
Exploit-DB
Horde - Horde_Image::factory driver Argument Local File Inclusion
exploitdb·2011-02-11·CVSS 6.4
CVE-2009-0932 [MEDIUM] Horde - Horde_Image::factory driver Argument Local File Inclusion
---
# Exploit Title: Horde Horde_Image::factory driver Argument Local File Inclusion
# Google Dork: intitle:horde
# Date: 10-02-2011
# Author: skysbsb
# Software Link: http://www.horde.org/download/
# Version: Horde 3.3.2
# Tested on: linux
# CVE : CVE-2009-0932
The original disclosure was done by Gunnar Wrobel from the Horde team. It was
found in a code audit (January 2009).
It's an old vuln (2009) but still unpublished in exploit-db. There are a lot
of vulnerable sites out there. Just try google =)
Vuln description:
The version of Horde, Horde Groupware, or Horde Groupware Webmail Edition
installed on the remote host fails to filter input to the 'driver' argument
of the 'Horde_Image::factory' method before using it to inc
Nuclei
Horde/Horde Groupware - Local File Inclusion
nuclei·CVSS 6.4
CVE-2009-0932 [MEDIUM] Horde/Horde Groupware - Local File Inclusion
Horde before 3.2.4 and 3.3.3 and Horde Groupware before 1.1.5 are susceptible to local file inclusion in framework/Image/Image.php because it allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Horde_Image driver name.
Template:
id: CVE-2009-0932
info:
  name: Horde/Horde Groupware - Local File Inclusion
  author: pikpikcu
  severity: medium
  description: Horde before 3.2.4 and 3.3.3 and Horde Groupware before 1.1.5 are susceptible to local file inclusion in framework/Image/Image.php because it allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Horde_Image driver name.
  impact: |
    An attacker can exploit this vulnerability to read sens
http://cvs.horde.org/co.php/groupware/docs/groupware/CHANGES?r=1.28.2.5
http://cvs.horde.org/co.php/horde/docs/CHANGES?r=1.515.2.413.2.5
http://cvs.horde.org/co.php/horde/docs/CHANGES?r=1.515.2.503
http://lists.horde.org/archives/announce/2009/000482.html
http://lists.horde.org/archives/announce/2009/000483.html
http://lists.horde.org/archives/announce/2009/000486.html
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html
http://secunia.com/advisories/33695
http://secunia.com/advisories/34418
http://secunia.com/advisories/34609
http://securityreason.com/securityalert/8077
http://www.securityfocus.com/bid/33491