[horde] Question on: (0Day) Horde Groupware Webmail Edition Sort sortpref Deserialization of Untrusted Data Remote Code Execution Vulnerability
Jens Wahnes
wahnes at uni-koeln.de
Wed Oct 12 13:02:02 UTC 2022
Frank Richter wrote:
> I stumbled over this:
> https://www.zerodayinitiative.com/advisories/ZDI-20-1051/
> Ist this one fixed in the current versions?
The report mentions that the flaw is in "Sort.php". If that information
is correct, then the flaw still exists, because "Sort.php" has not been
updated since 2017 but the bug was reported to have existed in 2020.
See <https://github.com/horde/imp/commits/master/lib/Prefs/Sort.php> or
<https://github.com/horde/imp/commits/FRAMEWORK_5_2/lib/Prefs/Sort.php>
for a history of updates to "Sort.php".
Jens
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5324 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://lists.horde.org/archives/horde/attachments/20221012/49574a3a/attachment.bin>
More information about the horde
mailing list