PublicDate: 2008-02-19 01:00:00 UTC
Candidate: CVE-2008-0807
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0807
Description:
 lib/Driver/sql.php in Turba 2 (turba2) Contact Manager H3 2.1.x before
 2.1.7 and 2.2.x before 2.2-RC3, as used in products such as Horde Groupware
 before 1.0.4 and Horde Groupware Webmail Edition before 1.0.5, does not
 properly check access rights, which allows remote authenticated users to
 modify address data via a modified object_id parameter to edit.php, as
 demonstrated by modifying a personal address book entry when there is write
 access to a shared address book.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=464058
Priority: low
Discovered-by:
Assigned-to:
CVSS: 

Patches_turba2:
upstream_turba2: released (2.1.7)
dapper_turba2: ignored (reached end-of-life)
edgy_turba2: needed (reached end-of-life)
feisty_turba2: needed (reached end-of-life)
gutsy_turba2: needed (reached end-of-life)
hardy_turba2: released (2.1.7-1)
intrepid_turba2: released (2.1.7-1)
jaunty_turba2: released (2.1.7-1)
karmic_turba2: released (2.1.7-1)
devel_turba2: released (2.1.7-1)