Main Vulnerability Database Exploits ID:3933 - Exploit for Code Injection in Horde Application Framework - CVE-2014-1691

ID:3933 - Exploit for Code Injection in Horde Application Framework - CVE-2014-1691

Published: August 11, 2020

Vulnerability identifier: #VU41855

Vulnerability risk: Medium

CVE-ID: CVE-2014-1691

CWE-ID: CWE-94

Exploitation vector: Remote access

Vulnerable software:
Horde Application Framework

Link to public exploit:

https://www.rapid7.com/db/modules/exploit/unix/webapp/horde_unserialize_exec

Vulnerability description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The framework/Util/lib/Horde/Variables.php script in the Util library in Horde before 5.1.1 allows remote attackers to conduct object injection attacks and execute arbitrary PHP code via a crafted serialized object in the _formvars form.

Remediation

Install update from vendor's website.

ID:3933 - Exploit for Code Injection in Horde Application Framework - CVE-2014-1691

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human