Andrea Cardaci

4 exploits, active since Feb 2020
CVE-2020-8518 METASPLOIT CRITICAL ruby WORKING POC
Horde Groupware Webmail Edition <5.2.22 - Code Injection
Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary PHP code via CSV data, leading to remote code execution.
CVSS 9.8
CVE-2020-8866 EXPLOITDB MEDIUM python WORKING POC
Horde Groupware Webmail Edition 5.2.22 - RCE
This vulnerability allows remote attackers to create arbitrary files on affected installations of Horde Groupware Webmail Edition 5.2.22. Authentication is required to exploit this vulnerability. The specific flaw exists within add.php. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the www-data user. Was ZDI-CAN-10125.
CVSS 6.5
CVE-2020-8866 EXPLOITDB MEDIUM python WORKING POC
Horde Groupware Webmail Edition 5.2.22 - RCE
This vulnerability allows remote attackers to create arbitrary files on affected installations of Horde Groupware Webmail Edition 5.2.22. Authentication is required to exploit this vulnerability. The specific flaw exists within add.php. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the www-data user. Was ZDI-CAN-10125.
CVSS 6.5
CVE-2020-8518 EXPLOITDB CRITICAL bash WORKING POC
Horde Groupware Webmail Edition <5.2.22 - Code Injection
Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary PHP code via CSV data, leading to remote code execution.
CVSS 9.8