CVE-2013-6275

MEDIUM

Horde Groupware < 5.1.2 - Cross-Site Request Forgery in basic.php

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-6275. PoCs published by Marcela Benetrix.

AI-analyzed exploit summary This exploit demonstrates a CSRF vulnerability in Horde Groupware Webmail Edition 5.1.2, allowing an attacker to create, update, enable, or delete email filtering rules without user interaction. The PoC includes a crafted HTML form that submits malicious rule configurations to the vulnerable endpoint.

Description

Multiple CSRF issues in Horde Groupware Webmail Edition 5.1.2 and earlier in basic.php.

Exploits (1)

exploitdb WORKING POC

by Marcela Benetrix · htmlwebappsphp

https://www.exploit-db.com/exploits/29274

View Code ZIP pw:eip

This exploit demonstrates a CSRF vulnerability in Horde Groupware Webmail Edition 5.1.2, allowing an attacker to create, update, enable, or delete email filtering rules without user interaction. The PoC includes a crafted HTML form that submits malicious rule configurations to the vulnerable endpoint.

Classification

Working Poc 90%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: Horde Groupware Webmail Edition 5.1.2

Auth required

Prerequisites: Victim must be authenticated in the target application · Victim must visit a malicious page or click a crafted link

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (7)

Core 7

Core References

Third Party Advisory x_refsource_misc

https://security-tracker.debian.org/tracker/CVE-2013-6275

Third Party Advisory x_refsource_misc

https://bugs.gentoo.org/show_bug.cgi?id=CVE-2013-6275

Broken Link x_refsource_misc

http://archives.neohapsis.com/archives/bugtraq/2013-10/0134.html

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

http://www.exploit-db.com/exploits/29274

Third Party Advisory, VDB Entry x_refsource_misc

http://www.securityfocus.com/bid/63377

Third Party Advisory, VDB Entry x_refsource_misc

http://www.securitytracker.com/id/1029285

Third Party Advisory, VDB Entry x_refsource_misc

https://exchange.xforce.ibmcloud.com/vulnerabilities/88321

Scores

CVSS v3 6.5

EPSS 0.0207

EPSS Percentile 78.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Details

CWE

CWE-352

Status published

Products (4)

debian/debian_linux 8.0

debian/debian_linux 9.0

debian/debian_linux 10.0

horde/groupware < 5.1.2

Published Nov 05, 2019

Tracked Since Feb 18, 2026