CVE-2008-0807
Last modified
CVE-2008-0807 is a vulnerability of currently unknown severity. lib/Driver/sql.php in Turba 2 (turba2) Contact Manager H3 2.1.x before 2.1.7 and 2.2.x before 2.2-RC3, as used in products such as Horde Groupware before 1.0.4 and Horde Groupware Webmail Edition before 1.0.5, does not properly check access rights, which allows remote authenticated users to modify address data via a modified object_id parameter to edit.php, as demonstrated by modifying a personal address book entry when there is write access to a shared address book.. EPSS estimates a 1.38% chance of exploitation in the next 30 days.
Description
lib/Driver/sql.php in Turba 2 (turba2) Contact Manager H3 2.1.x before 2.1.7 and 2.2.x before 2.2-RC3, as used in products such as Horde Groupware before 1.0.4 and Horde Groupware Webmail Edition before 1.0.5, does not properly check access rights, which allows remote authenticated users to modify address data via a modified object_id parameter to edit.php, as demonstrated by modifying a personal address book entry when there is write access to a shared address book.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Horde | Groupware | 1.0.3 |
| Horde | Groupware Webmail Edition | 1.0.4 |
| Horde | Turba Contact Manager | 2.1.6 |
References
- http://secunia.com/advisories/28982Vendor Advisory
- http://secunia.com/advisories/28982Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2008-0807?
How severe is CVE-2008-0807?
How do I fix CVE-2008-0807?
Are you affected by CVE-2008-0807?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST