vulnerability

Debian: CVE-2020-8866: php-horde-form -- security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:L/Au:S/C:N/I:P/A:N)	Mar 23, 2020	Mar 31, 2020	Mar 30, 2026

Severity

CVSS

(AV:N/AC:L/Au:S/C:N/I:P/A:N)

Published

Mar 23, 2020

Added

Mar 31, 2020

Modified

Mar 30, 2026

Description

This vulnerability allows remote attackers to create arbitrary files on affected installations of Horde Groupware Webmail Edition 5.2.22. Authentication is required to exploit this vulnerability. The specific flaw exists within add.php. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the www-data user. Was ZDI-CAN-10125.

Solution

debian-upgrade-php-horde-form

References

CVE-2020-8866
https://attackerkb.com/topics/CVE-2020-8866
CWE-434
DEBIAN-DLA-2162-1
EUVD-EUVD-2020-29708
https://euvd.enisa.europa.eu/vulnerability/EUVD-2020-29708

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today