~ubuntu-security/ubuntu-cve-tracker/master : contents of active/CVE-2015-7984 at revision 13269

~ubuntu-security/ubuntu-cve-tracker/master : (revision 13269)

Candidate: CVE-2015-7984
PublicDate: 2015-11-19
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7984
 https://www.htbridge.com/advisory/HTB23272
Description:
 Multiple cross-site request forgery (CSRF) vulnerabilities in Horde before
 5.2.8, Horde Groupware before 5.2.11, and Horde Groupware Webmail Edition
 before 5.2.11 allow remote attackers to hijack the authentication of
 administrators for requests that execute arbitrary (1) commands via the cmd
 parameter to admin/cmdshell.php, (2) SQL queries via the sql parameter to
 admin/sqlshell.php, or (3) PHP code via the php parameter to
 admin/phpshell.php.
Ubuntu-Description: 
Notes: 
Bugs: 
Priority: medium
Discovered-by:
Assigned-to: 

Patches_php-horde:
 upstream: https://github.com/horde/horde/commit/a199d74932c902844514b2a83d21e7e221257dae
upstream_php-horde: needs-triage
precise_php-horde: DNE
precise/esm_php-horde: DNE
trusty_php-horde: needs-triage
vivid_php-horde: released (5.2.1+debian0-2+deb8u2build0.15.04.1)
vivid/stable-phone-overlay_php-horde: DNE
vivid/ubuntu-core_php-horde: DNE
wily_php-horde: ignored (reached end-of-life)
xenial_php-horde: needed
yakkety_php-horde: ignored (reached end-of-life)
zesty_php-horde: needed
devel_php-horde: needed