PT-2008-2425 · Horde · Turba 2+2

Tomas Hoger · Published 2008-02-19 · Updated 2011-03-08 · CVE-2008-0807

CVSS v2.0: 4.9 Medium

Vector: AV:N/AC:M/Au:S/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions

Turba 2 (turba2) Contact Manager H3 versions 2.1.x through 2.1.6
Turba 2 (turba2) Contact Manager H3 versions 2.2.x through 2.2-RC2
Horde Groupware versions prior to 1.0.4
Horde Groupware Webmail Edition versions prior to 1.0.5

Description

Improper access rights checking allows remote authenticated users to modify address data by changing the object id parameter sent to the edit.php endpoint. For example, a user with write access to a shared address book can modify a personal address book entry.

Recommendations

For Turba 2 (turba2) Contact Manager H3 versions 2.1.x, update to version 2.1.7 or later.
For Turba 2 (turba2) Contact Manager H3 versions 2.2.x, update to version 2.2-RC3 or later.
For Horde Groupware, update to version 1.0.4 or later.
For Horde Groupware Webmail Edition, update to version 1.0.5 or later.
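
The class of access-check flaw named in the description, shown as an added example that is not Turba's code: an edit handler that authorizes against the address book named in the request, beside one that authorizes against the book that actually owns the object. All names (`PERMS`, `freshStore`, `editFlawed`, `editChecked`, the `book` and `object_id` request fields) and the sample data are hypothetical.

```php
<?php
// Constructed sample data; all names here are hypothetical, not Turba's.
const PERMS = [               // user => address books the user may write to
    'alice' => ['shared', 'alice_personal'],
    'bob'   => ['shared', 'bob_personal'],
];

function freshStore(): array  // object id => entry, each tied to one book
{
    return [
        'obj1' => ['book' => 'shared',         'email' => 'team@example.org'],
        'obj2' => ['book' => 'alice_personal', 'email' => 'friend@example.org'],
    ];
}

function canWrite(string $user, string $book): bool
{
    return in_array($book, PERMS[$user] ?? [], true);
}

// Flawed: authorizes against the book named in the request, then loads the
// entry by object id alone, so the id can point into any other book.
function editFlawed(array &$store, string $user, array $req): bool
{
    if (!canWrite($user, $req['book']) || !isset($store[$req['object_id']])) {
        return false;
    }
    $store[$req['object_id']]['email'] = $req['email'];
    return true;
}

// Corrected: resolve the entry first, require that it lives in the requested
// book, and authorize against the book that actually owns it.
function editChecked(array &$store, string $user, array $req): bool
{
    $entry = $store[$req['object_id']] ?? null;
    if ($entry === null || $entry['book'] !== $req['book']
        || !canWrite($user, $entry['book'])) {
        return false;
    }
    $store[$req['object_id']]['email'] = $req['email'];
    return true;
}

// bob may write to 'shared' only; obj2 belongs to alice_personal. Same request, both handlers.
$req = ['book' => 'shared', 'object_id' => 'obj2', 'email' => 'changed@example.org'];
$a = freshStore(); $b = freshStore();
var_dump(editFlawed($a, 'bob', $req));
var_dump(editChecked($b, 'bob', $req));
```

A regression test for this class of bug pairs every writable book with an object id from a book the test user cannot write to and asserts that the edit is refused and the stored entry is unchanged.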

Fix

Weakness Enumeration

Related Identifiers

CVE-2008-0807
DSA-1507-1

Affected Products

Horde Groupware
Horde Groupware Webmail Edition
Turba 2