VYPR

php-horde-vfs

by Debian

CVEs (1)

  • CVE-2026-60102Jul 9, 2026
    risk 0.00cvss epss

    Horde Virtual File System (VFS) API before 3.0.1 contains an OS command injection vulnerability in the Horde_Vfs_Smb driver where the _escapeShellCommand() method fails to sanitize command substitution sequences, allowing authenticated attackers to inject arbitrary shell…