Description
In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition through 5.2.17, OS Command Injection can occur if the attacker is an authenticated Horde Webmail user, has PGP features enabled in their preferences, and attempts to encrypt an email addressed to a maliciously crafted email address.
No analysis available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
Debian DLA |
DLA-1398-1 | php-horde-crypt security update |
References
History
No history.
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-08-05T16:04:11.225Z
Reserved: 2017-04-03T00:00:00.000Z
Link: CVE-2017-7413
No data.
Status : Modified
Published: 2017-04-04T14:59:00.303
Modified: 2026-06-17T01:24:18.190
Link: CVE-2017-7413
No data.
OpenCVE Enrichment
No data.
Weaknesses
-
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Debian DLA