CVE-2007-1474

EPSS 1.65%
Published 16.03.2007 21:19:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

Argument injection vulnerability in the cleanup cron script in Horde Project Horde and IMP before Horde Application Framework 3.1.4 allows local users to delete arbitrary files and possibly gain privileges via multiple space-delimited pathnames.

Affected products Warnungen 0 Metrics 2 CWE 0 References 12

Data is provided by the National Vulnerability Database (NVD)

Horde ≫ Horde Application Framework Version3.0.0

Horde ≫ Horde Application Framework Version3.0.4

Horde ≫ Horde Application Framework Version3.1.3

Horde ≫ Imp Version2.0

Horde ≫ Imp Version2.2

Horde ≫ Imp Version2.2.1

Horde ≫ Imp Version2.2.2

Horde ≫ Imp Version2.2.3

Horde ≫ Imp Version2.2.4

Horde ≫ Imp Version2.2.5

Horde ≫ Imp Version2.2.6

Horde ≫ Imp Version2.2.7

Horde ≫ Imp Version2.2.8

Horde ≫ Imp Version2.3

Horde ≫ Imp Version3.0

Horde ≫ Imp Version3.1

Horde ≫ Imp Version3.1.2

Horde ≫ Imp Version3.2

Horde ≫ Imp Version3.2.1

Horde ≫ Imp Version3.2.2

Horde ≫ Imp Version3.2.3

Horde ≫ Imp Version3.2.4

Horde ≫ Imp Version3.2.5

Horde ≫ Imp Version3.2.6

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.65%	0.812

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

http://secunia.com/advisories/27565

http://www.debian.org/security/2007/dsa-1406

http://lists.horde.org/archives/announce/2007/000315.html

Patch

Vendor Advisory

http://www.vupen.com/english/advisories/2007/0965

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=489

Vendor Advisory

http://www.securityfocus.com/bid/22985

http://www.securitytracker.com/id?1017784

http://www.securitytracker.com/id?1017785

https://exchange.xforce.ibmcloud.com/vulnerabilities/32997

https://nvd.nist.gov/vuln/detail/CVE-2007-1474

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-1474

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-1474

EUVD