CVE-2020-8518 - Horde Groupware and Fedoraproject Fedora
Critical 9.8
Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary PHP code via CSV data, leading to remote code execution.
Affected software
Horde Groupware
Fedoraproject Fedora
Reference links
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2PRPIFQDGYPQ3F2TF2ETPIL7IYNSVVZQ/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKTNYDBDVJNMVC7QPXQI7CMPLX3USZ2T/
- https://lists.horde.org/archives/announce/2020/001285.html