Debian Php-Horde-Trean vulnerabilities
2 known vulnerabilities affecting debian/php-horde-trean.
Total CVEs: 2
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown
HIGH: 1, MEDIUM: 1
Vulnerabilities
CVE-2020-8865 | P3 | MEDIUM | CVSS 6.3 | PoC | fixed in php-horde-trean 1.1.10-1 (bookworm) | 2020
CVE-2020-8865 [MEDIUM] CVE-2020-8865: php-horde-trean - This vulnerability allows remote attackers to execute local PHP files on affecte...
This vulnerability allows remote attackers to execute local PHP files on affected installations of Horde Groupware Webmail Edition 5.2.22. Authentication is required to exploit this vulnerability. The specific flaw exists within edit.php. When parsing the params[template] parameter, the process does not properly validate a user-supplied path prior to using i
debian
CVE-2019-12095 | P3 | HIGH | CVSS 8.8 | fixed in php-horde 5.2.21+debian0-1 (bookworm) | 2019
CVE-2019-12095 [HIGH] CVE-2019-12095: php-horde - Horde Trean, as used in Horde Groupware Webmail Edition through 5.2.22 and other...
Horde Trean, as used in Horde Groupware Webmail Edition through 5.2.22 and other products, allows CSRF, as demonstrated by the treanBookmarkTags parameter to the trean/ URI on a webmail server. NOTE: treanBookmarkTags could, for example, be a stored XSS payload.
Scope: local
bookworm: resolved (fixed in 5.2.21+debian0-1)
bullseye: resolved (fixed in 5.2.21+debian0
debian