Headline
CVE-2020-8866: ZDI-20-275
This vulnerability allows remote attackers to create arbitrary files on affected installations of Horde Groupware Webmail Edition 5.2.22. Authentication is required to exploit this vulnerability. The specific flaw exists within add.php. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the www-data user. Was ZDI-CAN-10125.
March 10th, 2020
Horde Groupware Webmail Edition add Page Unrestricted File Upload Arbitrary File Creation Vulnerability****ZDI-20-275
ZDI-CAN-10125
CVE ID
CVE-2020-8866
CVSS SCORE
4.3, (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)
AFFECTED VENDORS
Horde
AFFECTED PRODUCTS
Groupware Webmail Edition
VULNERABILITY DETAILS
This vulnerability allows remote attackers to create arbitrary files on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability.
The specific flaw exists within add.php. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the www-data user.
ADDITIONAL DETAILS
Horde has issued an update to correct this vulnerability. More details can be found at:
https://lists.horde.org/archives/announce/2020/001288.html
DISCLOSURE TIMELINE
- 2020-02-26 - Vulnerability reported to vendor
- 2020-03-10 - Coordinated public release of advisory
CREDIT
Andrea Cardaci
BACK TO ADVISORIES