Candidate: CVE-2020-8865
PublicDate: 2020-03-23 21:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8865
 https://lists.horde.org/archives/announce/2020/001286.html
 https://www.zerodayinitiative.com/advisories/ZDI-20-276/
 https://github.com/horde/trean/commit/db0714a0c04d87bda9e2852f1b0d259fc281ca75
 https://github.com/horde/trean/commit/055029f551501803d7e293a48316e2cf31307908
Description:
 This vulnerability allows remote attackers to execute local PHP files on
 affected installations of Horde Groupware Webmail Edition 5.2.22.
 Authentication is required to exploit this vulnerability. The specific flaw
 exists within edit.php. When parsing the params[template] parameter, the
 process does not properly validate a user-supplied path prior to using it
 in file operations. An attacker can leverage this in conjunction with other
 vulnerabilities to execute code in the context of the www-data user. Was
 ZDI-CAN-10469.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=955019
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L [6.3 MEDIUM]


Patches_php-horde-trean:
upstream_php-horde-trean: needs-triage
precise/esm_php-horde-trean: DNE
trusty_php-horde-trean: ignored (out of standard support)
trusty/esm_php-horde-trean: DNE
xenial_php-horde-trean: ignored (end of standard support, was needs-triage)
bionic_php-horde-trean: needs-triage
eoan_php-horde-trean: ignored (reached end-of-life)
focal_php-horde-trean: DNE
groovy_php-horde-trean: DNE
hirsute_php-horde-trean: DNE
impish_php-horde-trean: DNE
jammy_php-horde-trean: DNE
devel_php-horde-trean: DNE