CVE-2008-0807

NONECVSS 0.0

0.0

lib/Driver/sql.php in Turba 2 (turba2) Contact Manager H3 2.1.x before 2.1.7 and 2.2.x before 2.2-RC3, as used in products such as Horde Groupware before 1.0.4 and Horde Groupware Webmail Edition before 1.0.5, does not properly check access rights, which allows remote authenticated users to modify address data via a modified object_id parameter to edit.php, as demonstrated by modifying a personal address book entry when there is write access to a shared address book.

🔗 References (34)

cve@mitrehttp://bugs.debian.org/cgi-bin/bugreport.cgi?bug=464058
cve@mitrehttp://lists.horde.org/archives/announce/2008/000378.html
cve@mitrehttp://lists.horde.org/archives/announce/2008/000379.html
cve@mitrehttp://lists.horde.org/archives/announce/2008/000380.html
cve@mitrehttp://lists.horde.org/archives/announce/2008/000381.html
cve@mitrehttp://secunia.com/advisories/28982
cve@mitrehttp://secunia.com/advisories/29071
cve@mitrehttp://secunia.com/advisories/29184
cve@mitrehttp://secunia.com/advisories/29185
cve@mitrehttp://secunia.com/advisories/29186
cve@mitrehttp://www.debian.org/security/2008/dsa-1507
cve@mitrehttp://www.securityfocus.com/bid/27844
cve@mitrehttp://www.securitytracker.com/id?1019433
cve@mitrehttp://www.vupen.com/english/advisories/2008/0593/references
cve@mitrehttps://bugzilla.redhat.com/show_bug.cgi?id=432027

Is Your Infrastructure Affected by CVE-2008-0807?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2008-0807

📅 Published

🔄 Last Modified

🔗 References (34)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2008-0807?