CVE-2014-1691
horde3 - Remote code execution
EPSS 81.3%
Description
The framework/Util/lib/Horde/Variables.php script in the Util library in Horde before 5.1.1 allows remote attackers to conduct object injection attacks and execute arbitrary PHP code via a crafted serialized object in the _formvars form.
How to fix CVE-2014-1691
To remediate CVE-2014-1691, upgrade each affected package to the fixed version listed below, or a later one.
- Debian/horde3: upgrade to 3.3.8+debian0-3 or later
- Debian/php-horde-util: upgrade to 2.3.0-1 or later
Is CVE-2014-1691 being exploited?
Likely — EPSS is 81.3%, placing CVE-2014-1691 in the top tier of vulnerabilities by exploitation probability. Prioritise patching.
Affected packages (2)
- Debian/horde3: from 0, < 3.3.8+debian0-3
- Debian/php-horde-util: from 0, < 2.3.0-1