Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2008-0807

EPSS 0.68% · P72
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2008-0807

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
lib/Driver/sql.php in Turba 2 (turba2) Contact Manager H3 2.1.x before 2.1.7 and 2.2.x before 2.2-RC3, as used in products such as Horde Groupware before 1.0.4 and Horde Groupware Webmail Edition before 1.0.5, does not properly check access rights, which allows remote authenticated users to modify address data via a modified object_id parameter to edit.php, as demonstrated by modifying a personal address book entry when there is write access to a shared address book.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Turba 2 Contact Manager "lib/Driver/sql.php" 验证绕过漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
lib/Driver/sql.php的Turba 2 (turba2) Contact Manager H3,以及Horde Groupware和Horde Groupware Webmail Edition等产品中运行时,并不完全验证访问权限,这会允许远程授权用户通过edit.PHP的object_id 参数来修改地址数据,例如当可以对一个共享的地址名册进行写入访问的时候,对一个个人地址名册的登陆进行修改。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2008-0807

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2008-0807

登录查看更多情报信息。

Same Patch Batch · n/a · 2008-02-19 · 25 CVEs total

CVE-2008-0825Claroline 未明SQl注入漏洞
CVE-2008-0809ikiwiki 'HTMLscrubber' 插件 跨站脚本攻击漏洞
CVE-2008-0808ikiwiki'meta' 插件 跨站脚本攻击漏洞
CVE-2008-0817Joomla! 和Mambo com_filebase组件 'filecatid'参数 SQL注入漏洞
CVE-2008-0816Joomla! /Mambo 'com_sg' 组件 'pid' 参数SQL注入漏洞
CVE-2008-0815okul siteleri 'com_mezun' 组件 SQL注入漏洞
CVE-2008-0814TRUC Tracking Requirements & Use Cases 'download.PHP' 文件 目录遍历漏洞
CVE-2008-0813XPWeb 'Download.PHP'文件 目录遍历漏洞
CVE-2008-0812BanPro DMS 'index.PHP' 目录遍历漏洞
CVE-2008-0811AuraCMS 多个SQL注入漏洞
CVE-2008-0810Joomla! 和Mambo com_scheduling 组件 'id' 参数 SQL注入漏洞
CVE-2008-0826Claroline 未明远程漏洞
CVE-2007-6319Lyris Lyris List Manager 多个未明漏洞
CVE-2008-0824caroline PHP2PHPs函数 未明漏洞
CVE-2008-0823Drupal 头部图片模块 认证绕过漏洞
CVE-2008-0822Scribe 'index.PHP' 目录游历漏洞
CVE-2008-0821OSI Codes PHP Live! 'knowledge_searchm.PHP' SQL注入漏洞
CVE-2008-0820RETIRED: Etomite 'index.PHP' 跨站脚本漏洞
CVE-2008-0819PlutoStatus Locator 'index.PHP' 目录遍历漏洞
CVE-2008-0818freePHPgallery 多个目录遍历漏洞

Showing top 20 of 25 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2008-0807

No comments yet

Leave a comment