CVE-2009-0932
NUCLEIDebian Horde - Path Traversal
Title source: ruleDescription
Directory traversal vulnerability in framework/Image/Image.php in Horde before 3.2.4 and 3.3.3 and Horde Groupware before 1.1.5 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Horde_Image driver name.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by skysbsb · textwebappsphp
https://www.exploit-db.com/exploits/16154
Nuclei Templates (1)
Horde/Horde Groupware - Local File Inclusion
MEDIUMby pikpikcu
References (12)
Scores
EPSS
0.0561
EPSS Percentile
90.4%
Details
CWE
CWE-22
Status
published
Products (10)
debian/horde
3.2
debian/horde
3.2.2
debian/horde
3.2.3
debian/horde
3.3
debian/horde
3.3.1
debian/horde
3.3.2
debian/horde_groupware
1.1.1
debian/horde_groupware
1.1.2
debian/horde_groupware
1.1.3
debian/horde_groupware
1.1.4
Published
Mar 17, 2009
Tracked Since
Feb 18, 2026