horde-webmail
Page content
- Author: vmiklos
- Vulnerable: 1.0.5-1
- Unaffected: 1.0.6-1kalgan1
A vulnerability has been reported in various Horde products, which can be exploited by malicious users to disclose sensitive information and potentially compromise a vulnerable system. Input passed to the “theme” parameter is not properly sanitised before being used. This can be exploited to include arbitrary files from local resources, using directory traversal attacks and URL-encoded NULL bytes ("%00"). NOTE: Other attack vectors are also reported to exist. Successful exploitation may allow execution of arbitrary code, but requires valid user credentials.
- Bug Tracker URL: http://bugs.frugalware.org/task/2910