PT-2026-54913 · Horde Imp · Horde Imp
Evan
+1
·
Published
2026-07-01
·
Updated
2026-07-02
·
CVE-2026-58451
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Horde IMP versions prior to 7.0.1
Description
A path traversal issue exists in the
lib/Compose.php file. Authenticated attackers can read arbitrary files from the server filesystem by embedding traversal sequences after a CKEditor path prefix in img src URLs. This occurs because the stripos() prefix validation can be bypassed by appending traversal segments, leading the file get contents() function to read sensitive files. The contents of these files are then exfiltrated as MIME parts in outgoing emails. Additionally, unauthenticated exploitation is possible through Cross-Site Request Forgery (CSRF), which is a technique used to trick a victim's browser into performing an unwanted action on a different website where the victim is currently authenticated.Recommendations
Update Horde IMP to version 7.0.1 or later.
Exploit
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Horde Imp