The framework/Util/lib/Horde/Variables.php script in the Util library in Horde before 5.1.1 allows remote attackers to conduct object injection attacks and execute arbitrary PHP code via a crafted serialized object in the _formvars form.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2014-04-01T15:00:00

Updated: 2024-08-06T09:50:10.620Z

Reserved: 2014-01-28T00:00:00

Link: CVE-2014-1691

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2014-04-01T15:55:06.363

Modified: 2014-04-02T14:50:49.507

Link: CVE-2014-1691

cve-icon Redhat

No data.