Horde Imp Unauthenticated Remote Command Execution
Added: 01/18/2019BID: 106018
Background
The IMP is a web-based mail client for IMAP and POP3 accounts. It is built atop the Horde Application Framework, which is a general-purpose web application library written in PHP.Problem
A vulnerability in Horde IMP could allow unauthenticated command execution via imap_open in exposed debug page.Resolution
Upgrade to Horde IMP version higher than 6.2.22 when available.References
https://www.exploit-db.com/exploits/46136Limitations
Back to exploit index