Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2013-6275Cross-Site Request Forgery in Groupware

CWE-352Cross-Site Request Forgery6 documents6 sources
Severity
6.5MEDIUMNVD
EPSS
1.7%
top 17.92%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Horde GroupwareDebian Linux
Timeline
PublishedNov 5
Latest updateMay 5

Description

Multiple CSRF issues in Horde Groupware Webmail Edition 5.1.2 and earlier in basic.php.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

NVDhorde/groupware5.1.2

Also affects: Debian Linux 10.0, 8.0, 9.0

🔴Vulnerability Details

3
GHSA
GHSA-p8w4-jhm7-qh3w: Multiple CSRF issues in Horde Groupware Webmail Edition 52022-05-05
CVEList
CVE-2013-6275: Multiple CSRF issues in Horde Groupware Webmail Edition 52019-11-05
OSV
CVE-2013-6275: Multiple CSRF issues in Horde Groupware Webmail Edition 52019-11-05

💥Exploits & PoCs

1
Exploit-DB
Horde Groupware Web Mail Edition 5.1.2 - Cross-Site Request Forgery (1)2013-10-29

📋Vendor Advisories

1
Debian
CVE-2013-6275: php-horde-ingo - Multiple CSRF issues in Horde Groupware Webmail Edition 5.1.2 and earlier in bas...2013