Local File Inclusion Vulnerability in Horde IMP 2.2.6 and earlier

Local File Inclusion Vulnerability in Horde IMP 2.2.6 and earlier

CVE-2001-1258 · LOW Severity

AV:L/AC:L/AU:N/C:P/I:P/A:N

Horde Internet Messaging Program (IMP) before 2.2.6 allows local users to read IMP configuration files and steal the Horde database password by placing the prefs.lang file containing PHP code on the server.

Learn more about our Cis Benchmark Audit For Server Software.