Vulnerability CVE-2014-1691

Vulnerability CVE-2014-1691

Published: 2014-04-01

Description:

	Topic	Author	Date
High	horde < 5.1.1 Remote code execution	Pedro	29.01.2014
High	Horde Framework Unserialize PHP Code Execution	Juan vazquez	21.03.2014
High	Horde Framework Unserialize PHP Code Execution Standalone Exploit	irrlicht	30.06.2014

Type:

(Improper Control of Generation of Code ('Code Injection'))

CVSS Base Score	Impact Subscore	Exploitability Subscore
7.5/10	6.4/10	10/10

Affected software
Horde -> Horde application framework

https://github.com/horde/horde/commit/da6afc7e9f4e290f782eca9dbca794f772caccb3

http://seclists.org/oss-sec/2014/q1/156

http://seclists.org/oss-sec/2014/q1/153

https://github.com/horde/horde/blob/82c400788537cfc0106b68447789ff53793ac086/bundles/groupware/docs/CHANGES#L215

http://www.debian.org/security/2014/dsa-2853

http://seclists.org/oss-sec/2014/q1/169