Unrated severityNVD Advisory· Published Jul 21, 2001· Updated Apr 16, 2026

CVE-2001-1258

Description

Horde Internet Messaging Program (IMP) before 2.2.6 allows local users to read IMP configuration files and steal the Horde database password by placing the prefs.lang file containing PHP code on the server.

Affected products

Horde (software)/Imp7 versions
cpe:2.3:a:horde:imp:2.0:*:*:*:*:*:*:*+ 6 more
- cpe:2.3:a:horde:imp:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:horde:imp:2.2:*:*:*:*:*:*:*
- cpe:2.3:a:horde:imp:2.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:horde:imp:2.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:horde:imp:2.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:horde:imp:2.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:horde:imp:2.2.5:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.debian.org/security/2001/dsa-073nvdExploitPatchVendor Advisory
www.caldera.com/support/security/advisories/CSSA-2001-027.0.txtnvdVendor Advisory
distro.conectiva.com.br/atualizacoes/nvd
online.securityfocus.com/archive/1/198495nvd
www.iss.net/security_center/static/6906.phpnvd
www.securityfocus.com/bid/3083nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000