CVE-2014-1691

{"id": "CVE-2014-1691", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-04-01T15:55:06.363", "references": [{"url": "http://seclists.org/oss-sec/2014/q1/153", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://seclists.org/oss-sec/2014/q1/156", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://seclists.org/oss-sec/2014/q1/169", "source": "cve@mitre.org"}, {"url": "http://www.debian.org/security/2014/dsa-2853", "source": "cve@mitre.org"}, {"url": "https://github.com/horde/horde/blob/82c400788537cfc0106b68447789ff53793ac086/bundles/groupware/docs/CHANGES#L215", "source": "cve@mitre.org"}, {"url": "https://github.com/horde/horde/commit/da6afc7e9f4e290f782eca9dbca794f772caccb3", "tags": ["Exploit", "Patch"], "source": "cve@mitre.org"}, {"url": "http://seclists.org/oss-sec/2014/q1/153", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://seclists.org/oss-sec/2014/q1/156", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://seclists.org/oss-sec/2014/q1/169", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.debian.org/security/2014/dsa-2853", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/horde/horde/blob/82c400788537cfc0106b68447789ff53793ac086/bundles/groupware/docs/CHANGES#L215", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/horde/horde/commit/da6afc7e9f4e290f782eca9dbca794f772caccb3", "tags": ["Exploit", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "The framework/Util/lib/Horde/Variables.php script in the Util library in Horde before 5.1.1 allows remote attackers to conduct object injection attacks and execute arbitrary PHP code via a crafted serialized object in the _formvars form."}, {"lang": "es", "value": "El script framework/Util/lib/Horde/Variables.php en la librar\u00eda de Util en Horde anterior a 5.1.1 permite a atacantes remotos realizar ataques de inyecci\u00f3n de objetos y ejecutar c\u00f3digo PHP arbitrario a trav\u00e9s de un objeto serializado manipulado en el formulario _formvars."}], "lastModified": "2025-04-12T10:46:40.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:horde:horde_application_framework:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DA40D3C0-313C-4622-AD42-9E1422170FD3", "versionEndIncluding": "5.1.0"}, {"criteria": "cpe:2.3:a:horde:horde_application_framework:5.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3FA8B826-EB7D-4EF8-A886-CC83907C59EE"}, {"criteria": "cpe:2.3:a:horde:horde_application_framework:5.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B7CB9652-6D7C-4EB1-AC6D-C29C20757FA3"}, {"criteria": "cpe:2.3:a:horde:horde_application_framework:5.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "320EFF23-CD09-419F-8AC2-1EE5DE4763E0"}, {"criteria": "cpe:2.3:a:horde:horde_application_framework:5.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3BB0209B-CA11-473A-9966-D069845806CB"}, {"criteria": "cpe:2.3:a:horde:horde_application_framework:5.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "62DACAFB-3715-4986-BFD8-4939E31E2CE3"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}