What is CVE-2022-30287?

CVE-2022-30287 is a vulnerability in N/a. Published 2022-07-28.

Is CVE-2022-30287 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2022-30287

Horde Groupware Webmail Edition through 5.2.22 allows a reflection injection attack through which an attacker can instantiate a driver class. This then leads to arbitrary deserialization of PHP objects.

EPSS: 0.703 (99.3th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

ARPSyndicate/cve-scores

References

www.horde.org/apps/webmail (x_refsource_MISC)
blog.sonarsource.com/horde-webmail-rce-via-email/ (x_refsource_MISC)
[debian-lts-announce] 20220831 [SECURITY] [DLA 3090-1] php-horde-turba security update (mailing-list, x_refsource_MLIST)

Frequently asked questions

What is CVE-2022-30287?: CVE-2022-30287 is a vulnerability in N/a. Published 2022-07-28.
Is CVE-2022-30287 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.