CVE-2008-0807

lib/Driver/sql.php in Turba 2 (turba2) Contact Manager H3 2.1.x before 2.1.7 and 2.2.x before 2.2-RC3, as used in products such as Horde Groupware before 1.0.4 and Horde Groupware Webmail Edition before 1.0.5, does not properly check access rights, which allows remote authenticated users to modify address data via a modified object_id parameter to edit.php, as demonstrated by modifying a personal address book entry when there is write access to a shared address book.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.9 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:S/C:P/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 66%
VendorProductVersion
hordegroupware
1.0.3
hordegroupware_webmail_edition
1.0.4
hordeturba_contact_manager
2.1.6
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
turba2
karmic
Fixed 2.1.7-1
released
jaunty
Fixed 2.1.7-1
released
intrepid
Fixed 2.1.7-1
released
hardy
Fixed 2.1.7-1
released
gutsy
ignored
feisty
ignored
edgy
ignored
dapper
ignored
Common Weakness Enumeration
References
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=464058
http://lists.horde.org/archives/announce/2008/000378.html
http://lists.horde.org/archives/announce/2008/000379.html
http://lists.horde.org/archives/announce/2008/000380.html
http://lists.horde.org/archives/announce/2008/000381.html
http://secunia.com/advisories/28982
http://secunia.com/advisories/29071
http://secunia.com/advisories/29184
http://secunia.com/advisories/29185
http://secunia.com/advisories/29186
http://www.debian.org/security/2008/dsa-1507
http://www.securityfocus.com/bid/27844
http://www.securitytracker.com/id?1019433
http://www.vupen.com/english/advisories/2008/0593/references
https://bugzilla.redhat.com/show_bug.cgi?id=432027
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00888.html
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00927.html
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=464058
http://lists.horde.org/archives/announce/2008/000378.html
http://lists.horde.org/archives/announce/2008/000379.html
http://lists.horde.org/archives/announce/2008/000380.html
http://lists.horde.org/archives/announce/2008/000381.html
http://secunia.com/advisories/28982
http://secunia.com/advisories/29071
http://secunia.com/advisories/29184
http://secunia.com/advisories/29185
http://secunia.com/advisories/29186
http://www.debian.org/security/2008/dsa-1507
http://www.securityfocus.com/bid/27844
http://www.securitytracker.com/id?1019433
http://www.vupen.com/english/advisories/2008/0593/references
https://bugzilla.redhat.com/show_bug.cgi?id=432027
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00888.html
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00927.html