CVE-2017-9774

HIGH

Horde_Image < 2.5.0 - Authenticated Remote Code Execution

Title source: llm

Description

Remote Code Execution was found in Horde_Image 2.x before 2.5.0 via a crafted GET request. Exploitation requires authentication.

References (2)

Core References
Mailing List, Vendor Advisory (x_refsource_confirm): https://lists.horde.org/archives/announce/2017/001234.html
Third Party Advisory (vendor-advisory, x_refsource_debian): https://www.debian.org/security/2018/dsa-4276

Scores

CVSS v3 8.8
EPSS 0.0238
EPSS Percentile 81.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE CWE-94
Status published
Products (21)
horde/horde_image_api 2.0.0 (4 CPE variants)
horde/horde_image_api 2.0.1
horde/horde_image_api 2.0.2
horde/horde_image_api 2.0.3
horde/horde_image_api 2.0.4
horde/horde_image_api 2.0.5
horde/horde_image_api 2.0.6
horde/horde_image_api 2.0.7
horde/horde_image_api 2.0.8
horde/horde_image_api 2.0.9
... and 11 more
Published Jun 21, 2017
Tracked Since Feb 18, 2026