In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition through 5.2.17, OS Command Injection can occur if the attacker is an authenticated Horde Webmail user, has PGP features enabled in their preferences, and attempts to encrypt an email addressed to a maliciously crafted email address.
Metrics
Affected Vendors & Products
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
No history.

Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-08-05T16:04:11.225Z
Reserved: 2017-04-03T00:00:00
Link: CVE-2017-7413

No data.

Status : Deferred
Published: 2017-04-04T14:59:00.303
Modified: 2025-04-20T01:37:25.860
Link: CVE-2017-7413

No data.

No data.