Horde Gollem Module Unauthorized File Download Vulnerability - Windows CVE-2017-15235
- CVSSv3 Score
- Vulnerability description
Horde Groupware is prone to an unauthorized file download vulnerability.
- Risk description
The flaw is due to user controlled input is not sufficiently sanitized when passed to File Manager (gollem) module. Successful exploitation will allow remote attackers to bypass Horde authentication for file downloads via a crafted fn parameter that corresponds to the exact filename.
Upgrade to latest version of Horde Groupware and File Manager (gollem) module.
- Not available