CVE-2012-0209

Horde Groupware 1.2.10 and Horde 3.3.12 - Remote Code Execution via Trojanized JavaScript Template

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2012-0209. PoCs published by Metasploit, Eric Romang, jduck, including Metasploit module exploits/multi/http/horde_href_backdoor.

AI-analyzed exploit summary This Metasploit module exploits a backdoor in Horde 3.3.12 and Horde Groupware 1.2.10, allowing arbitrary PHP code execution via a crafted HTTP request to the `javascript.php` endpoint. The exploit leverages a malicious `Cookie` header to inject and execute payloads.

Description

Horde 3.3.12, Horde Groupware 1.2.10, and Horde Groupware Webmail Edition 1.2.10, as distributed by FTP between November 2011 and February 2012, contains an externally introduced modification (Trojan Horse) in templates/javascript/open_calendar.js, which allows remote attackers to execute arbitrary PHP code.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotelinux

https://www.exploit-db.com/exploits/18492

View Code ZIP pw:eip

This Metasploit module exploits a backdoor in Horde 3.3.12 and Horde Groupware 1.2.10, allowing arbitrary PHP code execution via a crafted HTTP request to the `javascript.php` endpoint. The exploit leverages a malicious `Cookie` header to inject and execute payloads.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Horde 3.3.12, Horde Groupware 1.2.10

No auth needed

Prerequisites: Target must have the vulnerable Horde version installed · The `javascript.php` endpoint must be accessible

MITRE ATT&CK

T1189 - Drive-by Compromise T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC EXCELLENT

by Eric Romang, jduck · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/horde_href_backdoor.rb