|
============================================INTERNET SECURITY AUDITORS ALERT 2009-012
- Original release date: October 13th, 2009
- Last revised: December 16th, 2009
- Discovered by: Juan Galiana Lara
- CVE ID: CVE-2009-3701
- Severity: 6.3/10 (CVSS Base Score)
============================================
I. VULNERABILITY
-------------------------
Horde 3.3.5 "PHP_SELF" Cross-Site Scripting vulnerability
II. BACKGROUND
-------------------------
The Horde Application Framework is a modular, general-purpose web
application framework written in PHP. It provides an extensive array
of classes that are targeted at the common problems and tasks involved
in developing modern web applications.
III. DESCRIPTION
-------------------------
Input passed to 'PHP_SELF' variable is not properly filtered before
being returned to the user. This can be explotied to inject arbitrary
HTML or to execute arbitrary script code in a user's browser session
in context of an affected site. In order to successfully exploit this
vulnerability the targeted user has to be logged as an administrator.
horde-3.3.5/admin/cmdshell.php:46: