Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2013-6365Cross-Site Request Forgery in Php-horde

CWE-352Cross-Site Request Forgery8 documents6 sources
Severity
5.3MEDIUMNVD
EPSS
0.5%
top 32.66%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
5
Debian Php-hordeDebian Php-horde-kronolithDebian Linux+2 more
Timeline
PublishedNov 5
Latest updateMay 5

Description

Horde Groupware Web mail 5.1.2 has CSRF with requests to change permissions

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 1.6 | Impact: 3.6

Affected Packages4 packages

NVDhorde/groupware5.1.2
debiandebian/php-horde< php-horde 5.1.5+debian0-1 (bookworm)
debiandebian/php-horde-kronolith< php-horde 5.1.5+debian0-1 (bookworm)
NVDopensuse/opensuse13.1, 13.2+1

Also affects: Debian Linux 10.0, 8.0, 9.0

Patches

Patch: bugzilla.redhat.comPatch: bugzilla.redhat.com

🔴Vulnerability Details

2
GHSA
GHSA-r97r-vhq5-2j7h: Horde Groupware Web mail 52022-05-05
OSV
CVE-2013-6365: Horde Groupware Web mail 52019-11-05

💥Exploits & PoCs

1
Exploit-DB
Horde Groupware Web Mail Edition 5.1.2 - Cross-Site Request Forgery (2)2013-11-08

📋Vendor Advisories

1
Debian
CVE-2013-6365: php-horde - Horde Groupware Web mail 5.1.2 has CSRF with requests to change permissions2013

💬Community

3
Bugzilla
CVE-2013-6364 CVE-2013-6365 horde: various flaws [epel-all]2013-11-04
Bugzilla
CVE-2013-6365 horde: CSRF in changing permissions functionality2013-11-04
Bugzilla
CVE-2013-6364 CVE-2013-6365 horde: various flaws [fedora-all]2013-11-04
CVE-2013-6365 — Cross-Site Request Forgery in Php-horde | cvebase