4.3

CVE-2009-3236

The form library in Horde Application Framework 3.2 before 3.2.5 and 3.3 before 3.3.5; Groupware 1.1 before 1.1.6 and 1.2 before 1.2.4; and Groupware Webmail Edition 1.1 before 1.1.6 and 1.2 before 1.2.4; reuses temporary filenames during the upload process which allows remote attackers, with privileges to write to the address book, to overwrite arbitrary files and execute PHP code via crafted Horde_Form_Type_image form field elements.

Data is provided by the National Vulnerability Database (NVD)
HordeApplication Framework Version3.2
HordeApplication Framework Version3.2.1
HordeApplication Framework Version3.2.2
HordeApplication Framework Version3.2.3
HordeApplication Framework Version3.2.4
HordeApplication Framework Version3.3
HordeApplication Framework Version3.3.1
HordeApplication Framework Version3.3.2
HordeApplication Framework Version3.3.3
HordeApplication Framework Version3.3.4
HordeGroupware Version1.1
HordeGroupware Version1.1.1
HordeGroupware Version1.1.2
HordeGroupware Version1.1.3
HordeGroupware Version1.1.4
HordeGroupware Version1.1.5
HordeGroupware Version1.2
HordeGroupware Version1.2 Updaterc1
HordeGroupware Version1.2.1
HordeGroupware Version1.2.2
HordeGroupware Version1.2.3
HordeGroupware Version1.1
HordeGroupware Version1.1 Updaterc1
HordeGroupware Version1.1 Updaterc2
HordeGroupware Version1.1 Updaterc3
HordeGroupware Version1.1 Updaterc4
HordeGroupware Version1.1.1
HordeGroupware Version1.1.2
HordeGroupware Version1.1.3
HordeGroupware Version1.1.4
HordeGroupware Version1.1.5
HordeGroupware Version1.2
HordeGroupware Version1.2 Updaterc1
HordeGroupware Version1.2.1
HordeGroupware Version1.2.2
HordeGroupware Version1.2.3
HordeGroupware Version1.2.3 Updaterc1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.84% 0.725
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N