CVE-2009-0932
Horde < 3.2.4 and 3.3.3 and Horde Groupware < 1.1.5 - Remote Code Execution via Image Driver Path Traversal
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2009-0932. PoCs published by skysbsb. A Nuclei detection template is also available.
AI-analyzed exploit summary: This exploit demonstrates a local file inclusion vulnerability in Horde's Horde_Image::factory method, allowing unauthenticated attackers to read arbitrary files or execute PHP code via the 'driver' argument. The PoC provides a URL to exploit the vulnerability by traversing directories to access /etc/passwd.
Description
Directory traversal vulnerability in framework/Image/Image.php in Horde before 3.2.4 and 3.3.3 and Horde Groupware before 1.1.5 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Horde_Image driver name.