Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple cross-site request forgery (CSRF) vulnerabilities in Horde before 5.2.8, Horde Groupware before 5.2.11, and Horde Groupware Webmail Edition before 5.2.11 allow remote attackers to hijack the authentication of administrators for requests that execute arbitrary (1) commands via the cmd parameter to admin/cmdshell.php, (2) SQL queries via the sql parameter to admin/sqlshell.php, or (3) PHP code via the php parameter to admin/phpshell.php.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
多款Horde产品跨站请求伪造漏洞
Vulnerability Description
Horde、Horde Groupware和Horde Groupware Webmail Edition都是美国Horde公司产品。Horde是一套基于PHP的Web应用框架。Horde Groupware是一款免费的基于协作套件的浏览器。Horde Groupware Webmail Edition是一款免费的基于通信套件的企业浏览器。 多款Horde产品中存在跨站请求伪造漏洞,该漏洞源于admin/cmdshell.php脚本没有充分过滤‘cmd’参数;admin/sqlshell.php脚本没有充
CVSS Information
N/A
Vulnerability Type
N/A