CVE-2012-0209

Name of the Vulnerable Software and Affected Versions Horde version 3.3.12 Horde Groupware version 1.2.10 Horde Groupware Webmail Edition version 1.2.10

Description The issue allows remote attackers to execute arbitrary PHP code due to an externally introduced modification in the templates/javascript/open calendar.js file. This modification was introduced in versions distributed by FTP between November 2011 and February 2012.

Recommendations For Horde version 3.3.12, avoid using the affected open calendar.js template until a fix is available. For Horde Groupware version 1.2.10, restrict access to the vulnerable open calendar.js file to minimize the risk of exploitation. For Horde Groupware Webmail Edition version 1.2.10, consider disabling the use of the open calendar.js template temporarily as a workaround.