CVE-2008-0807 in Turba Contact Manager情報

要約

〜によって MITRE

lib/Driver/sql.php in Turba 2 (turba2) Contact Manager H3 2.1.x before 2.1.7 and 2.2.x before 2.2-RC3, as used in products such as Horde Groupware before 1.0.4 and Horde Groupware Webmail Edition before 1.0.5, does not properly check access rights, which allows remote authenticated users to modify address data via a modified object_id parameter to edit.php, as demonstrated by modifying a personal address book entry when there is write access to a shared address book.

Be aware that VulDB is the high quality source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

予約する

2008年02月18日

モデレーション

承諾済み

エントリ

VDB-41096

EPSS

0.01383

KEV

いいえ

アクティビティ

非常低い

セクター

Pharma, Insurance, ...

ソース

MITREhttps://www.cve.org/CVERecord?id=CVE-2008-0807
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2008-0807
CVE Detailshttps://www.cvedetails.com/cve/CVE-2008-0807/

概要

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!