CVE-2007-1474

Argument injection vulnerability in the cleanup cron script in Horde Project Horde and IMP before Horde Application Framework 3.1.4 allows local users to delete arbitrary files and possibly gain privileges via multiple space-delimited pathnames.

Published: Mar 16, 2007
Updated: Apr 13, 2023
CVE: CVE-2007-1474
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
horde / imp	2.2.7	2.2.7.x
horde / imp	2.2.5	2.2.5.x
horde / horde_application_framework	3.0.0	3.0.0.x
horde / imp	3.1	3.1.x
horde / horde_application_framework	3.0.4	3.0.4.x
horde / imp	3.2.4	3.2.4.x
horde / imp	3.1.2	3.1.2.x
horde / imp	2.2.1	2.2.1.x
horde / imp	3.2.2	3.2.2.x
horde / imp	2.2.2	2.2.2.x
horde / imp	2.2.4	2.2.4.x
horde / imp	2.0	2.0.x
horde / imp	2.2.6	2.2.6.x
horde / imp	3.2.3	3.2.3.x
horde / imp	3.2.5	3.2.5.x
horde / imp	3.2.6	3.2.6.x
horde / imp	2.2	2.2.x
horde / imp	2.3	2.3.x
horde / imp	3.2	3.2.x
horde / imp	2.2.8	2.2.8.x
horde / imp	2.2.3	2.2.3.x
horde / horde_application_framework	3.1.3	3.1.3.x
horde / imp	3.0	3.0.x
horde / imp	3.2.1	3.2.1.x

Vulnerability Database

289,782

CVE-2007-1474