CVE-2008-0807

EPSS 0.56%
Published 19.02.2008 01:00:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

lib/Driver/sql.php in Turba 2 (turba2) Contact Manager H3 2.1.x before 2.1.7 and 2.2.x before 2.2-RC3, as used in products such as Horde Groupware before 1.0.4 and Horde Groupware Webmail Edition before 1.0.5, does not properly check access rights, which allows remote authenticated users to modify address data via a modified object_id parameter to edit.php, as demonstrated by modifying a personal address book entry when there is write access to a shared address book.

Affected products Warnungen 0 Metrics 2 CWE 0 References 20

Data is provided by the National Vulnerability Database (NVD)

Horde ≫ Groupware Version1.0.3

   Debian ≫ Debian Linux Version4.0
   Debian ≫ Debian Linux Version4.0 Editionalpha
   Debian ≫ Debian Linux Version4.0 Editionamd64
   Debian ≫ Debian Linux Version4.0 Editionarm
   Debian ≫ Debian Linux Version4.0 Editionhppa
   Debian ≫ Debian Linux Version4.0 Editionia-32
   Debian ≫ Debian Linux Version4.0 Editionia-64
   Debian ≫ Debian Linux Version4.0 Editionm68k
   Debian ≫ Debian Linux Version4.0 Editionmips
   Debian ≫ Debian Linux Version4.0 Editionmipsel
   Debian ≫ Debian Linux Version4.0 Editionpowerpc
   Debian ≫ Debian Linux Version4.0 Editions-390
   Debian ≫ Debian Linux Version4.0 Editionsparc

Horde ≫ Groupware Webmail Edition Version1.0.4