4.9

CVE-2008-0807

lib/Driver/sql.php in Turba 2 (turba2) Contact Manager H3 2.1.x before 2.1.7 and 2.2.x before 2.2-RC3, as used in products such as Horde Groupware before 1.0.4 and Horde Groupware Webmail Edition before 1.0.5, does not properly check access rights, which allows remote authenticated users to modify address data via a modified object_id parameter to edit.php, as demonstrated by modifying a personal address book entry when there is write access to a shared address book.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
HordeGroupware Version1.0.3
   DebianDebian Linux Version4.0
   DebianDebian Linux Version4.0 Editionalpha
   DebianDebian Linux Version4.0 Editionamd64
   DebianDebian Linux Version4.0 Editionarm
   DebianDebian Linux Version4.0 Editionhppa
   DebianDebian Linux Version4.0 Editionia-32
   DebianDebian Linux Version4.0 Editionia-64
   DebianDebian Linux Version4.0 Editionm68k
   DebianDebian Linux Version4.0 Editionmips
   DebianDebian Linux Version4.0 Editionmipsel
   DebianDebian Linux Version4.0 Editionpowerpc
   DebianDebian Linux Version4.0 Editions-390
   DebianDebian Linux Version4.0 Editionsparc
HordeGroupware Webmail Edition Version1.0.4
   DebianDebian Linux Version4.0
   DebianDebian Linux Version4.0 Editionalpha
   DebianDebian Linux Version4.0 Editionamd64
   DebianDebian Linux Version4.0 Editionarm
   DebianDebian Linux Version4.0 Editionhppa
   DebianDebian Linux Version4.0 Editionia-32
   DebianDebian Linux Version4.0 Editionia-64
   DebianDebian Linux Version4.0 Editionm68k
   DebianDebian Linux Version4.0 Editionmips
   DebianDebian Linux Version4.0 Editionmipsel
   DebianDebian Linux Version4.0 Editionpowerpc
   DebianDebian Linux Version4.0 Editions-390
   DebianDebian Linux Version4.0 Editionsparc
HordeTurba Contact Manager Version2.1.6
   DebianDebian Linux Version4.0
   DebianDebian Linux Version4.0 Editionalpha
   DebianDebian Linux Version4.0 Editionamd64
   DebianDebian Linux Version4.0 Editionarm
   DebianDebian Linux Version4.0 Editionhppa
   DebianDebian Linux Version4.0 Editionia-32
   DebianDebian Linux Version4.0 Editionia-64
   DebianDebian Linux Version4.0 Editionm68k
   DebianDebian Linux Version4.0 Editionmips
   DebianDebian Linux Version4.0 Editionmipsel
   DebianDebian Linux Version4.0 Editionpowerpc
   DebianDebian Linux Version4.0 Editions-390
   DebianDebian Linux Version4.0 Editionsparc
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.38% 0.686
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.9 6.8 4.9
AV:N/AC:M/Au:S/C:P/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/29184
http://secunia.com/advisories/29185
http://secunia.com/advisories/29186
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00888.html
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00927.html
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=464058
http://lists.horde.org/archives/announce/2008/000378.html
Patch
http://lists.horde.org/archives/announce/2008/000379.html
Patch
http://lists.horde.org/archives/announce/2008/000380.html
Patch
http://lists.horde.org/archives/announce/2008/000381.html
Patch
http://secunia.com/advisories/28982
Vendor Advisory
http://secunia.com/advisories/29071
http://www.debian.org/security/2008/dsa-1507
http://www.securityfocus.com/bid/27844
Patch
http://www.securitytracker.com/id?1019433
http://www.vupen.com/english/advisories/2008/0593/references
https://bugzilla.redhat.com/show_bug.cgi?id=432027