FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

horde -- "url" disclosure of sensitive information vulnerability

Affected packages
horde < 3.1
horde-php5 < 3.1


VuXML ID c7c09579-b466-11da-82d0-0050bf27ba24
Discovery 2006-03-15
Entry 2006-03-15

Secunia advisory SA19246:

Paul Craig has discovered a vulnerability in Horde, which can be exploited by malicious people to disclose sensitive information. Input passed to the "url" parameter in "services/go.php" isn't properly verified, before it is used in a "readfile()" call. This can be exploited to disclose the content of arbitrary files via e.g. the "php://" protocol wrapper.

The vulnerability has been confirmed in version 3.0.9 and has also been reported in prior versions.

Provided and/or discovered by: Paul Craig,