CVE-2020-8518

CRITICAL

Horde Groupware Webmail Edition <5.2.22 - Code Injection


Exploitation Summary

EIP tracks 2 public exploits for CVE-2020-8518. Both PoCs were published by Andrea Cardaci, including the Metasploit module exploits/multi/http/horde_csv_rce.

AI-analyzed exploit summary: This exploit targets CVE-2020-8518, a command injection vulnerability in Horde Groupware. It authenticates, uploads a dummy file, and executes arbitrary commands via a crafted payload in the 'quote' parameter.

Description

Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary PHP code via CSV data, leading to remote code execution.

Exploits (2)

exploitdb WORKING POC
by Andrea Cardaci · bash · webapps · php
https://www.exploit-db.com/exploits/48215

This exploit targets CVE-2020-8518, a command injection vulnerability in Horde Groupware. It authenticates, uploads a dummy file, and executes arbitrary commands via a crafted payload in the 'quote' parameter.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Horde Groupware (version not specified)
Auth required
Prerequisites: valid credentials · access to login.php and data.php endpoints
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC EXCELLENT
by Andrea Cardaci · ruby · poc · php
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/horde_csv_rce.rb

This Metasploit module exploits CVE-2020-8518 in Horde Groupware 5.2.22, which allows authenticated users to inject arbitrary PHP code via CSV import, leading to remote code execution (RCE). The exploit chains authentication, CSV upload, and payload execution through manipulated form data.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Horde Groupware 5.2.22 (Horde_Data module <= 2.1.4)
Auth required
Prerequisites: Valid credentials for Horde Groupware · Access to the CSV import functionality
devstral-2 · analyzed Feb 16, 2026

References (5)

Core References
Mailing List, Vendor Advisory x_refsource_confirm
https://lists.horde.org/archives/announce/2020/001285.html
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/156872/Horde-5.2.22-CSV-Import-Code-Execution.html
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2020/04/msg00008.html

Scores

CVSS v3 9.8
EPSS 0.7114
EPSS Percentile 99.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-94
Status published
Products (4)
debian/debian_linux 8.0
fedoraproject/fedora 30
fedoraproject/fedora 31
horde/groupware 5.2.22
Published Feb 17, 2020
Tracked Since Feb 18, 2026