CVE-2017-7413
HIGH8.8EPSS 24.5%php-horde-crypt - security update
Published: 4/4/2017Modified: 4/28/2026
Also known as:DEBIAN-CVE-2017-7413
Description
In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition through 5.2.17, OS Command Injection can occur if the attacker is an authenticated Horde Webmail user, has PGP features enabled in their preferences, and attempts to encrypt an email addressed to a maliciously crafted email address.
Affected packages (2)
- Debian/php-horde-cryptfrom 0, < 2.7.5-2
- Debian/php-horde-cryptfrom 0, < 2.5.0-5+deb8u1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH8.8 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |