| Horde Imp, an application that comes with the Horde GroupWare/Webmail suite exposes an unauthenticated debug page with a form
that permits IMAP requests to arbitrary hosts. The page is at http://horde_path/imp/test.php and should be deleted after installation.
Leveraging the CVE 2018-19518 and no input sanitization is possible to execute shell commands.
Tested on Debian/Ubuntu. |
