What is CVE-2012-0209?

CVE-2012-0209 is a vulnerability in Horde Groupware, classified under Code Injection. Published 2012-09-25.

Is CVE-2012-0209 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

RCE in Horde Groupware

CVE-2012-0209

Horde 3.3.12, Horde Groupware 1.2.10, and Horde Groupware Webmail Edition 1.2.10, as distributed by FTP between November 2011 and February 2012, contains an externally introduced modification (Trojan Horse) in templates/javascript/open_cal…

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.648 (98.5th percentile) — read the EPSS interpretation.

Affected products

Horde Groupware — versions 1.2.10
Horde — versions 3.3.12
N/a — versions n/a

Weakness classification (CWE)

CWE-94 — Code Injection

Public proof-of-concept exploits

rapid7/metasploit-framework

References

security@debian.org (x_refsource_CONFIRM, Exploit, Patch, Vendor Advisory)
security@debian.org (Exploit, x_refsource_MISC)
security@debian.org (Patch, x_refsource_MISC)
security@debian.org (Exploit, x_refsource_MISC)
[horde-announce] 20120213 [SECURITY] Remote execution backdoor after server hack (CVE-2012-0209) (mailing-list, x_refsource_MLIST, Exploit, Patch)

Frequently asked questions

What is CVE-2012-0209?: CVE-2012-0209 is a vulnerability in Horde Groupware, classified under Code Injection. Published 2012-09-25.
Is CVE-2012-0209 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.