Horde Framework Theme File Include Vulnerability

Horde Framework is an application framework used with other Horde Project products. It is implemented in PHP.

Horde is prone to a file-include vulnerability because it fails to sufficiently sanitize user-supplied input. This vulnerability could let attackers include local files. Under certain configurations, the issue may also allow remote file-inclusion attacks.

Exploiting this issue may allow an attacker to gain access to files or execute arbitrary PHP code in the context of the application.

This issue was identified in Horde 3.1.6; other versions may also be affected.

NOTE: The vendor has confirmed that the vulnerability exists, but there are conflicting details about the nature of the exploit. Please see the references for the vendor's description.
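
The sketch below is an added example, not Horde's code and not the vendor's fix. It shows one way to validate a user-supplied theme name before it reaches `include`, so that neither a local path nor a URL is accepted. The function `resolveTheme()`, the `info.php` file name and the directory layout are hypothetical.

```php
<?php
// Added illustration; resolveTheme() and the theme layout are hypothetical.
// Unsafe pattern being replaced (generic, not taken from Horde):
//   include $themesDir . '/' . $_GET['theme'] . '/info.php';

function resolveTheme(string $themesDir, string $name, string $file): ?string
{
    // 1. Syntax: a plain name only. This rejects "/", "\", "..", NUL bytes
    //    and "scheme://" strings, so no traversal or stream wrapper gets through.
    if (!preg_match('/\A[a-z0-9_-]{1,32}\z/i', $name)) {
        return null;
    }
    // 2. Allowlist: the name must be a theme directory that is actually installed.
    $base = realpath($themesDir);
    if ($base === false) {
        return null;
    }
    $installed = array_map('basename', glob($base . '/*', GLOB_ONLYDIR) ?: []);
    if (!in_array($name, $installed, true)) {
        return null;
    }
    // 3. Containment: resolve symlinks and confirm the file is still under $base.
    $path = realpath($base . '/' . $name . '/' . $file);
    $prefix = $base . DIRECTORY_SEPARATOR;
    if ($path === false || strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

// Constructed demo data: a temporary themes directory holding one theme.
$dir = sys_get_temp_dir() . '/themes_' . bin2hex(random_bytes(4));
mkdir($dir . '/default', 0700, true);
file_put_contents($dir . '/default/info.php', "<?php return ['name' => 'Default'];");

// Constructed inputs: one valid name, then traversal, NUL byte, URL, unknown theme.
$inputs = ['default', '../../../../etc/passwd', "default\0", 'http://example.invalid/x', 'missing'];
foreach ($inputs as $input) {
    $path = resolveTheme($dir, $input, 'info.php');
    printf("%-30s => %s\n", json_encode($input, JSON_UNESCAPED_SLASHES),
        $path === null ? 'rejected' : 'accepted');
}
```

Only the first input is accepted; the caller then passes the returned absolute path, never the raw request value, to `include`.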


