cbcvebase.
CVE-2009-0932
published 2009-03-17

CVE-2009-0932: Directory traversal vulnerability in framework/Image/Image.php in Horde before 3.2.4 and 3.3.3 and Horde Groupware before 1.1.5 allows remote attackers to…

PriorityP353medium6.4CVSS 2.0
AVNACLAuNCPIPAN
EXPLOIT
EPSS
41.26%
98.5th percentile
Directory traversal vulnerability in framework/Image/Image.php in Horde before 3.2.4 and 3.3.3 and Horde Groupware before 1.1.5 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Horde_Image driver name.

Affected

10 ranges
VendorProductVersion rangeFixed in
debianhorde
debianhorde
debianhorde
debianhorde
debianhorde
debianhorde
debianhorde_groupware
debianhorde_groupware
debianhorde_groupware
debianhorde_groupware

CVSS provenance

nvdv2.06.4MEDIUMAV:N/AC:L/Au:N/C:P/I:P/A:N
vendor_redhat6.4MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.