What is CVE-2019-9858?

CVE-2019-9858 is a vulnerability in N/a. Published 2019-05-29.

Is CVE-2019-9858 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2019-9858

Remote code execution was discovered in Horde Groupware Webmail 5.2.22 and 5.2.17. Horde/Form/Type.php contains a vulnerable class that handles image upload in forms. When the Horde_Form_Type_image method onSubmit() is called on uploads, i…

EPSS: 0.798 (99.1th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

rapid7/metasploit-framework

References

ssd-disclosure.com/ (x_refsource_MISC)
packetstormsecurity.com/files/152476/Horde-Form-Shell-Upload.html (x_refsource_MISC)
[debian-lts-announce] 20190616 [SECURITY] [DLA 1822-1] php-horde-form security update (mailing-list, x_refsource_MLIST)
DSA-4468 (vendor-advisory, x_refsource_DEBIAN)
20190624 [SECURITY] [DSA 4468-1] php-horde-form security update (mailing-list, x_refsource_BUGTRAQ)

Frequently asked questions

What is CVE-2019-9858?: CVE-2019-9858 is a vulnerability in N/a. Published 2019-05-29.
Is CVE-2019-9858 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.