Описание
Remote Code Execution was found in Horde_Image 2.x before 2.5.0 via a crafted GET request. Exploitation requires authentication.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| php-horde-image | fixed | 2.5.1-1 | package |
Примечания
https://lists.horde.org/archives/announce/2017/001234.html
https://github.com/horde/horde/commit/01a11ccd37149101d67e0b20261fa48ab07dae13
Regression in upstream patch, fixing in https://github.com/horde/Image/pull/1
EPSS
Процентиль: 91%
0.07066
Низкий
Связанные уязвимости
CVSS3: 8.8
ubuntu
больше 8 лет назад
Remote Code Execution was found in Horde_Image 2.x before 2.5.0 via a crafted GET request. Exploitation requires authentication.
CVSS3: 8.8
nvd
больше 8 лет назад
Remote Code Execution was found in Horde_Image 2.x before 2.5.0 via a crafted GET request. Exploitation requires authentication.
CVSS3: 8.8
github
больше 3 лет назад
Remote Code Execution was found in Horde_Image 2.x before 2.5.0 via a crafted GET request. Exploitation requires authentication.
EPSS
Процентиль: 91%
0.07066
Низкий