CVE-2019-12095

HIGH

Horde Groupware < 5.2.22 - Cross-Site Request Forgery via treanBookmarkTags Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-12095. PoCs published by InfinitumIT.

AI-analyzed exploit summary: This PoC demonstrates a combination of CSRF and XSS vulnerabilities in Horde Webmail to steal emails, execute remote commands, and perform SQL injection. It includes client-side JavaScript for exploitation and server-side PHP for data exfiltration.

Description

Horde Trean, as used in Horde Groupware Webmail Edition through 5.2.22 and other products, allows CSRF, as demonstrated by the treanBookmarkTags parameter to the trean/ URI on a webmail server. NOTE: treanBookmarkTags could, for example, be a stored XSS payload.

Exploits (1)

exploitdb · Working PoC
by InfinitumIT · text · webapps · php
https://www.exploit-db.com/exploits/46903

Classification
Working PoC (95%)
Attack Type: XSS, CSRF, SQLi, RCE
Complexity: Moderate
Reliability: Reliable
Target: Horde Webmail <= v5.2.22
Auth required
Prerequisites: Victim interaction (clicking a link) · Attacker-controlled server to host malicious scripts · Valid session or authentication tokens for CSRF
Analyzed by devstral-2 on Feb 16, 2026

References (8)

Core References
Exploit, Third Party Advisory: https://numanozdemir.com/respdisc/horde/horde.mp4
Exploit, Third Party Advisory: https://numanozdemir.com/respdisc/horde/horde.txt
Exploit, Third Party Advisory, VDB Entry: https://www.exploit-db.com/exploits/46903
Exploit, Third Party Advisory: https://cxsecurity.com/issue/WLB-2019050199
Third Party Advisory, VDB Entry: https://exchange.xforce.ibmcloud.com/vulnerabilities/161333
Exploit, Issue Tracking, Vendor Advisory: https://bugs.horde.org/ticket/14926
Mailing List: https://lists.debian.org/debian-lts-announce/2019/12/msg00015.html

Scores

CVSS v3 8.8
EPSS 0.0112
EPSS Percentile 61.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-352 CWE-79
Status published
Products (1)
horde/groupware < 5.2.22
Published Oct 24, 2019
Tracked Since Feb 18, 2026