Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Disclosure of sensitive information in Horde Groupware
Vulnerability Description
Horde Groupware v5.2.22 has a user enumeration vulnerability that allows an unauthenticated attacker to determine the existence of valid accounts on the system. To exploit the vulnerability, an HTTP request must be sent to ‘/imp/attachment.php’ including the parameters ‘id’ and ‘u’. If the specified user exists, the server will return the download of an empty file; if it does not exist, no download will be initiated, which unequivocally reveals the validity of the user.
CVSS Information
N/A
Vulnerability Type
信息暴露
Vulnerability Title
Horde Groupware 信息泄露漏洞
Vulnerability Description
Horde Groupware是Horde开源的一个协作软件套件。 Horde Groupware v5.2.22版本存在信息泄露漏洞,该漏洞源于未经验证的攻击者可通过发送HTTP请求确定有效账户是否存在。
CVSS Information
N/A
Vulnerability Type
N/A