Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2020-8866Unrestricted File Upload in Form

CWE-434Unrestricted File Upload6 documents5 sources
Severity
6.5MEDIUMNVD
EPSS
3.5%
top 12.31%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
5
Horde FormDebian Php-horde-formHorde Groupware Webmail Edition+2 more
Timeline
PublishedMar 23
Latest updateMay 24

Description

This vulnerability allows remote attackers to create arbitrary files on affected installations of Horde Groupware Webmail Edition 5.2.22. Authentication is required to exploit this vulnerability. The specific flaw exists within add.php. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the www-data user. Was ZDI-CAN-101

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

NVDhorde/groupware5.2.22
NVDhorde/horde_form< 2.0.20
debiandebian/php-horde-form< php-horde-form 2.0.20-1 (bookworm)

Also affects: Debian Linux 8.0

🔴Vulnerability Details

2
GHSA
GHSA-xrh9-pr8p-fpqj: This vulnerability allows remote attackers to create arbitrary files on affected installations of Horde Groupware Webmail Edition 52022-05-24
OSV
CVE-2020-8866: This vulnerability allows remote attackers to create arbitrary files on affected installations of Horde Groupware Webmail Edition 52020-03-23

💥Exploits & PoCs

2
Exploit-DB
Horde Groupware Webmail Edition 5.2.22 - PHAR Loading2020-03-11
Exploit-DB
Horde Groupware Webmail Edition 5.2.22 - PHP File Inclusion2020-03-11

📋Vendor Advisories

1
Debian
CVE-2020-8866: php-horde-form - This vulnerability allows remote attackers to create arbitrary files on affected...2020