NVD

Id
30268  
Name
CVE-2014-1691  
Description
The framework/Util/lib/Horde/Variables.php script in the Util library in Horde before 5.1.1 allows remote attackers to conduct object injection attacks and execute arbitrary PHP code via a crafted serialized object in the _formvars form.  
Reject
 
CVSS Version
2  
CVSS Score
7.5  
Severity
High  
CVSS Base Score
7.5  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-19  
Published
2014-04-01  
Modified Date
2014-04-02  
Seq
2014-1691  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
160203 30268 CVE-2014-1691 [oss-security] 20140128 Remote code execution in horde < 5.1.1  View
160204 30268 CVE-2014-1691 [oss-security] 20140128 Re: Remote code execution in horde < 5.1.1  View
160205 30268 CVE-2014-1691 [oss-security] 20140129 Re: Remote code execution in horde < 5.1.1  View
160206 30268 CVE-2014-1691 DSA-2853  View
160207 30268 CVE-2014-1691 https://github.com/horde/horde/blob/82c400788537cfc0106b68447789ff53793ac086/bundles/groupware/docs/CHANGES#L215  View
160208 30268 CVE-2014-1691 https://github.com/horde/horde/commit/da6afc7e9f4e290f782eca9dbca794f772caccb3  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
13015 JVNDB-2014-001890 Horde Application Framework の Util ライブラリにおけるオブジェクトインジェクション攻撃を実行される脆弱性 Horde Application Framework の Util ライブラリの framework/Util/lib/Horde/Variables.php スクリプトには、オブジェクトインジェクション攻撃を実行される、および任意の PHP コードを実行される脆弱性が存在します。 CVE-2014-1691 68978 CVE-2014-1691 30268 7.5 http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-001890.html 2014-01-28 2014-04-03 View