MEDIUM🇵🇱 Wersja polska

CVE-2002-2024

CVSS 5.3v3.1pub. 2002-12-31upd. 2026-04-16

Horde IMP 2.2.7 allows remote attackers to obtain the full web root pathname via an HTTP request for (1) poppassd.php3, (2) login.php3?reason=chpass2, (3) spelling.php3, and (4) ldap.search.php3?ldap_serv=nonsense which leaks the information in error messages.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
  • Horde Imp

    APP
    Horde
    2.2.7
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2003-0025HIGH7.5ten sam produkt

Multiple SQL injection vulnerabilities in IMP 2.2.8 and earlier allow remote attackers to perform unauthorized...

CVE-2002-0181HIGH7.5ten sam produkt

Cross-site scripting vulnerability in status.php3 for IMP 2.2.8 and HORDE 1.2.7 allows remote attackers to exe...

CVE-2001-1257HIGH7.5ten sam produkt

Cross-site scripting vulnerability in Horde Internet Messaging Program (IMP) before 2.2.6 and 1.2.6 allows rem...

CVE-2012-5565MEDIUM4.3ten sam produkt

Cross-site scripting (XSS) vulnerability in js/compose-dimp.js in Horde Internet Mail Program (IMP) before 5.0...

CVE-2012-6640MEDIUM4.3ten sam produkt

Cross-site scripting (XSS) vulnerability in Horde Internet Mail Program (IMP) before 5.0.22, as used in Horde ...