Sunday, September 12, 2004

HORDE::Chora major vulnaribility

If you're running Hordes Chora 1.2 you should immediately upgrade your Horde installation or temporarily disable CVS access through HTTP.

Unfiltered $_GET as shell argument
On a quick glance scripts like diff.php seem to use unfiltered $_GET parameters as shell command arguments, which will allow any remote user to execute any command as webserver user.

A request like will reveal the process list of the machine.

No comments:

Post a Comment