Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2020-8865Relative Path Traversal in Groupware Webmail Edition

CWE-23Relative Path TraversalCWE-22Path Traversal7 documents6 sources
Severity
6.3MEDIUMNVD
EPSS
3.9%
top 11.71%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
3
Horde Groupware Webmail EditionDebian LinuxHorde Groupware
Timeline
PublishedMar 23
Latest updateMay 24

Description

This vulnerability allows remote attackers to execute local PHP files on affected installations of Horde Groupware Webmail Edition 5.2.22. Authentication is required to exploit this vulnerability. The specific flaw exists within edit.php. When parsing the params[template] parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the www-data

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LExploitability: 2.8 | Impact: 3.4

Affected Packages2 packages

NVDhorde/groupware5.2.22

Also affects: Debian Linux 8.0

🔴Vulnerability Details

3
GHSA
GHSA-ggc2-fj6j-c7cc: This vulnerability allows remote attackers to execute local PHP files on affected installations of Horde Groupware Webmail Edition 52022-05-24
OSV
CVE-2020-8865: This vulnerability allows remote attackers to execute local PHP files on affected installations of Horde Groupware Webmail Edition 52020-03-23
CVEList
CVE-2020-8865: This vulnerability allows remote attackers to execute local PHP files on affected installations of Horde Groupware Webmail Edition 52020-03-23

💥Exploits & PoCs

2
Exploit-DB
Horde Groupware Webmail Edition 5.2.22 - PHAR Loading2020-03-11
Exploit-DB
Horde Groupware Webmail Edition 5.2.22 - PHP File Inclusion2020-03-11

📋Vendor Advisories

1
Debian
CVE-2020-8865: php-horde-trean - This vulnerability allows remote attackers to execute local PHP files on affecte...2020