Vulnerability Database

289,697

Total vulnerabilities in the database

CVE-2009-0932

Directory traversal vulnerability in framework/Image/Image.php in Horde before 3.2.4 and 3.3.3 and Horde Groupware before 1.1.5 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Horde_Image driver name.

  • Published: Mar 17, 2009
  • Updated: Apr 13, 2023
  • CVE: CVE-2009-0932
  • Severity: Medium
  • Exploit:

CVSS v2:

  • Severity: Medium
  • Score: 6.4
  • AV:N/AC:L/Au:N/C:P/I:P/A:N

CWEs:

OWASP TOP 10:

Software From Fixed in
debian / horde 3.3.2 3.3.2.x
debian / horde 3.2 3.2.x
debian / horde_groupware 1.1.3 1.1.3.x
debian / horde 3.2.2 3.2.2.x
debian / horde_groupware 1.1.1 1.1.1.x
debian / horde 3.3.1 3.3.1.x
debian / horde 3.2.3 3.2.3.x
debian / horde 3.3 3.3.x
debian / horde_groupware 1.1.2 1.1.2.x
debian / horde_groupware 1.1.4 1.1.4.x