CVE-2020-8865

moderate-risk

Published 2020-03-23

This vulnerability allows remote attackers to execute local PHP files on affected installations of Horde Groupware Webmail Edition 5.2.22. Authentication is required to exploit this vulnerability. The specific flaw exists within edit.php. When parsing the params[template] parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the www-data user. Was ZDI-CAN-10469.

Do I need to act?

3.9% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

2 public exploits available

48210, 48209

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.3/10 Medium

NETWORK / LOW complexity

Affected Products (2)

Groupware

Debian Linux

Affected Vendors

Debian Horde

References (4)

Mailing List https://lists.debian.org/debian-lts-announce/2020/04/msg00009.html

Third Party Advisory https://www.zerodayinitiative.com/advisories/ZDI-20-276/

Mailing List https://lists.debian.org/debian-lts-announce/2020/04/msg00009.html

Third Party Advisory https://www.zerodayinitiative.com/advisories/ZDI-20-276/

/ 100

moderate-risk

Severity 23/34 · High

Exploitability 7/34 · Low

Exposure 7/34 · Low