Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

CVE-2026-58451— Horde IMP < 7.0.1 Path Traversal via Compose.php img src

CVSS 6.5 · Medium EPSS 0.34% · P26

Affected Version Matrix 1

VendorProductVersion RangeStatus
hordeimp< 7.0.1affected
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-58451

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Horde IMP < 7.0.1 Path Traversal via Compose.php img src
Source: NVD (National Vulnerability Database)
Vulnerability Description
Horde IMP before 7.0.1 contains a path traversal vulnerability in lib/Compose.php that allows authenticated attackers to read arbitrary files from the server filesystem by embedding traversal sequences after a CKEditor path prefix in img src URLs. Attackers can bypass the stripos() prefix validation by appending sequences such as traversal segments after the matching prefix, causing file_get_contents() to read sensitive files whose contents are then exfiltrated as MIME parts in outgoing email; unauthenticated exploitation is also achievable via CSRF against an active authenticated session.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Source: NVD (National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
hordeimp 0 ~ 7.0.1 -

II. Public POCs for CVE-2026-58451

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-58451

登录查看更多情报信息。

Patches & Fixes for CVE-2026-58451 (2)

Vendor Advisories for CVE-2026-58451 (1)

Security Blog Posts for CVE-2026-58451 (1)

Vendor Pages for CVE-2026-58451 (2)

IV. Related Vulnerabilities

V. Comments for CVE-2026-58451

No comments yet


Leave a comment