漏洞描述
【漏洞对象】Horde Groupware 【漏洞描述】 在对File Manager (gollem)模块传值时,未对用户输入进行严格过滤,导致无需用户认证即可下载系统文件。
Horde Groupware -任意文件下载
PoC代码
暂无相关漏洞推荐
- POC CVE-2005-3344: Horde Groupware Unauthenticated Admin Access
- POC CVE-2009-0932: Horde/Horde Groupware - Local File Inclusion
- POC CVE-2010-4239: Tiki Wiki CMS Groupware 5.2 - Local File Inclusion
- POC CVE-2011-4336: Tiki Wiki CMS Groupware 7.0 Cross-Site Scripting
- POC CVE-2012-5321: TikiWiki CMS Groupware v8.3 - Open Redirect
- POC tikiwiki-reflected-xss: Tiki Wiki CMS Groupware 5.2 - Cross-Site Scripting
- POC tikiwiki-xss: Tiki Wiki CMS Groupware v25.0 - Cross Site Scripting
- Horde Groupware Webmail Edition PHP反序列化漏洞
- Horde Groupware Webmail Edition /imp/test.php 远程命令执行漏洞
- Tiki Wiki CMS Groupware文件包含漏洞(CVE-2010-4239)
- Horde‘_formvars’表单远程代码执行漏洞