Unrated severityNVD Advisory· Published Mar 11, 2008· Updated Apr 23, 2026

CVE-2008-1284

Description

Directory traversal vulnerability in Horde 3.1.6, Groupware before 1.0.5, and Groupware Webmail Edition before 1.0.6, when running with certain configurations, allows remote authenticated users to read and execute arbitrary files via ".." sequences and a null byte in the theme name.

Affected products

Horde (software)/Groupware
cpe:2.3:a:horde:groupware:*:*:*:*:*:*:*:*
Range: <=1.0.4
Horde (software)/Groupware Webmail Edition
cpe:2.3:a:horde:groupware_webmail_edition:*:*:*:*:*:*:*:*
Range: <=1.0.5
Horde (software)/Horde
cpe:2.3:a:horde:horde:3.1.6:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.horde.org/archives/announce/2008/000382.htmlnvdPatch
www.securityfocus.com/bid/28153nvdPatch
secunia.com/advisories/29286nvdVendor Advisory
secunia.com/advisories/29374nvdVendor Advisory
secunia.com/advisories/29400nvdVendor Advisory
secunia.com/advisories/30047nvdVendor Advisory
lists.horde.org/archives/announce/2008/000383.htmlnvd
lists.horde.org/archives/announce/2008/000384.htmlnvd
security.gentoo.org/glsa/glsa-200805-01.xmlnvd
securityreason.com/securityalert/3726nvd
www.debian.org/security/2008/dsa-1519nvd
www.securityfocus.com/archive/1/489239/100/0/threadednvd
www.securityfocus.com/archive/1/489289/100/0/threadednvd
www.vupen.com/english/advisories/2008/0822/referencesnvd
exchange.xforce.ibmcloud.com/vulnerabilities/41054nvd
www.redhat.com/archives/fedora-package-announce/2008-March/msg00253.htmlnvd
www.redhat.com/archives/fedora-package-announce/2008-March/msg00301.htmlnvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000