Horde IMP Local 'prefs.lang' Vulnerability

IMP is a powerful web-based mail interface/client developed by members of the Horde project. Horde Application Framework provides support for dealing with things like preferences, compression, browser detection, connection tracking, etc.

If an attacker can create a file on a webserver's filesystem called 'prefs.lang' which is world readable then it may be possible for attackers to gain the privileges of the webserver process.

The contents of this file, if it exists on the webserver, can be executed by the PHP interpreter through a vulnerable website.


Privacy Statement
Copyright 2010, SecurityFocus