Just FYI, noone of the Horde developers was able to reproduce this,
and it should only be exploitable if you have a PHP version that has
bugs in both parse_url() and readfile().
Beside that, the reporters unfortunately stopped talking to us in the
middle of the process, dunno why.
and it should only be exploitable if you have a PHP version that has
bugs in both parse_url() and readfile().
Beside that, the reporters unfortunately stopped talking to us in the
middle of the process, dunno why.
Zitat von ...
[ more ]