CVE-2009-3236

Name of the Vulnerable Software and Affected Versions Horde Application Framework versions 3.2 through 3.2.4 Horde Application Framework versions 3.3 through 3.3.4 Horde Groupware versions 1.1 through 1.1.5 Horde Groupware versions 1.2 through 1.2.3 Horde Groupware Webmail Edition versions 1.1 through 1.1.5 Horde Groupware Webmail Edition versions 1.2 through 1.2.3

Description The issue allows remote attackers with address book write privileges to overwrite arbitrary files and execute PHP code by reusing temporary filenames during the upload process. This is achieved through crafted Horde Form Type image form field elements.

Recommendations For Horde Application Framework versions 3.2 through 3.2.4, update to version 3.2.5 or later. For Horde Application Framework versions 3.3 through 3.3.4, update to version 3.3.5 or later. For Horde Groupware versions 1.1 through 1.1.5, update to version 1.1.6 or later. For Horde Groupware versions 1.2 through 1.2.3, update to version 1.2.4 or later. For Horde Groupware Webmail Edition versions 1.1 through 1.1.5, update to version 1.1.6 or later. For Horde Groupware Webmail Edition versions 1.2 through 1.2.3, update to version 1.2.4 or later.