CVE-2006-1491

Horde Application Framework <3.0.10, <3.1.1 - Code Injection


Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-1491. PoCs published by Inkubus.

AI-analyzed exploit summary: This is a Metasploit module that exploits a remote PHP code execution vulnerability in Horde's Help Viewer module by injecting arbitrary commands via a crafted GET request. The exploit encodes the payload as chr() function calls and executes it through passthru().

Description

Eval injection vulnerability in Horde Application Framework versions 3.0 before 3.0.10 and 3.1 before 3.1.1 allows remote attackers to execute arbitrary code via the help viewer.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by Inkubus · webapps · php
https://www.exploit-db.com/exploits/1660

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Horde <= 3.0.9, 3.1.0
No auth needed
Prerequisites: Target must have Horde installed with the vulnerable Help Viewer module accessible
mistral-large-3 · analyzed Feb 16, 2026

References (17)

Core References
Third Party Advisory vendor-advisory x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200604-02.xml
Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/17292
Third Party Advisory mailing-list x_refsource_vim
http://www.attrition.org/pipermail/vim/2006-March/000671.html
Patch vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1015841
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2006/dsa-1034
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/19528
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/25516
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/19485
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/19692
Vendor Advisory vendor-advisory x_refsource_suse
http://www.novell.com/linux/security/advisories/2006_07_sr.html
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/1154
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/19619
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2006/dsa-1033
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/19504
Various Sources x_refsource_confirm
http://lists.horde.org/archives/announce/2006/000272.html

Scores

EPSS 0.3844
EPSS Percentile 98.4%

Details

CWE: CWE-94
Status: published
Products (12)
horde/application_framework 3.0
horde/application_framework 3.0.1
horde/application_framework 3.0.2
horde/application_framework 3.0.3
horde/application_framework 3.0.4
horde/application_framework 3.0.4_rc1
horde/application_framework 3.0.4_rc2
horde/application_framework 3.0.6
horde/application_framework 3.0.7
horde/application_framework 3.0.8
... and 2 more
Published Mar 29, 2006
Tracked Since Feb 18, 2026