Horde IMP Unauthenticated Remote Command Execution

Added: 01/18/2019
BID: 106018

Background

IMP is a web-based mail client for IMAP and POP3 accounts. It is built atop the Horde Application Framework, a general-purpose web application library written in PHP.

Problem

A vulnerability in Horde IMP could allow unauthenticated command execution via imap_open in an exposed debug page.

Resolution

Upgrade to a Horde IMP version higher than 6.2.22 when available.

References

https://www.exploit-db.com/exploits/46136

Limitations

