CVE-2007-1474

high

Description

Argument injection vulnerability in the cleanup cron script in Horde Project Horde and IMP before Horde Application Framework 3.1.4 allows local users to delete arbitrary files and possibly gain privileges via multiple space-delimited pathnames.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/32997

http://www.vupen.com/english/advisories/2007/0965

http://www.securitytracker.com/id?1017785

http://www.securitytracker.com/id?1017784

http://www.securityfocus.com/bid/22985

http://www.debian.org/security/2007/dsa-1406

http://secunia.com/advisories/27565

http://lists.horde.org/archives/announce/2007/000315.html

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=489

Details

Source: Mitre, NVD

Published: 2007-03-16

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

Detections

Analytics