CVE-2022-30287 - Unsafe Reflection vulnerability in multiple products
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: LOW
- Confidentiality impact: HIGH
- Integrity impact: HIGH
- Availability impact: HIGH

Summary
Horde Groupware Webmail Edition through 5.2.22 allows a reflection injection attack through which an attacker can instantiate a driver class. This then leads to arbitrary deserialization of PHP objects.
References
- https://blog.sonarsource.com/horde-webmail-rce-via-email/
- https://lists.debian.org/debian-lts-announce/2022/08/msg00022.html
- https://lists.debian.org/debian-lts-announce/2024/10/msg00014.html
- https://www.horde.org/apps/webmail