CVE-2014-1691

EPSS 81.3%

horde3 - Remote code execution

Published: 4/1/2014Modified: 4/28/2026

Description

The framework/Util/lib/Horde/Variables.php script in the Util library in Horde before 5.1.1 allows remote attackers to conduct object injection attacks and execute arbitrary PHP code via a crafted serialized object in the _formvars form.

Affected packages (2)

Debian/horde3from 0, < 3.3.8+debian0-3
Debian/php-horde-utilfrom 0, < 2.3.0-1

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2014-1691