PT-2015-7692 · Horde · Horde Groupware Webmail Edition +2

Published: 2015-11-03 · Updated: 2021-05-19 · CVE-2015-7984

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions

Horde versions prior to 5.2.8
Horde Groupware versions prior to 5.2.11
Horde Groupware Webmail Edition versions prior to 5.2.11

Description

Multiple cross-site request forgery (CSRF) issues allow remote attackers to hijack the authentication of administrators for requests that execute arbitrary commands, SQL queries, or PHP code. This is achieved via the cmd parameter to "admin/cmdshell.php", the sql parameter to "admin/sqlshell.php", or the php parameter to "admin/phpshell.php".

Recommendations

For Horde versions prior to 5.2.8, update to version 5.2.8 or later.
For Horde Groupware versions prior to 5.2.11, update to version 5.2.11 or later.
For Horde Groupware Webmail Edition versions prior to 5.2.11, update to version 5.2.11 or later.

As a temporary workaround, consider restricting access to the "admin/cmdshell.php", "admin/sqlshell.php", and "admin/phpshell.php" endpoints until a patch is applied.

Tags: Exploit · Fix · CSRF


Related Identifiers

CVE-2015-7984
DLA-2350-1
DSA-3391-1

Affected Products

Horde
Horde Groupware
Horde Groupware Webmail Edition