Source: php-horde-imp
Version: 6.2.27-3
Severity: grave
Tags: security upstream
Forwarded: https://github.com/horde/imp/pull/85
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for php-horde-imp.

CVE-2026-58451[0]:
| Horde IMP before 7.0.1 contains a path traversal vulnerability in
| lib/Compose.php that allows authenticated attackers to read
| arbitrary files from the server filesystem by embedding traversal
| sequences after a CKEditor path prefix in img src URLs. Attackers
| can bypass the stripos() prefix validation by appending sequences
| such as traversal segments after the matching prefix, causing
| file_get_contents() to read sensitive files whose contents are then
| exfiltrated as MIME parts in outgoing email; unauthenticated
| exploitation is also achievable via CSRF against an active
| authenticated session.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-58451
    https://www.cve.org/CVERecord?id=CVE-2026-58451
[1] https://github.com/horde/imp/pull/85
[2] https://github.com/horde/imp/commit/fba972fab72ee6871e5d56e6390bee38593085de

Regards,
Salvatore

Reply via email to