CVE-2017-9774

Remote Code Execution was found in Horde_Image 2.x before 2.5.0 via a crafted GET request. Exploitation requires authentication.
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 90%
VendorProductVersion
hordehorde_image_api
2.0.0
hordehorde_image_api
2.0.0:alpha1
hordehorde_image_api
2.0.0:beta1
hordehorde_image_api
2.0.0:beta2
hordehorde_image_api
2.0.1
hordehorde_image_api
2.0.2
hordehorde_image_api
2.0.3
hordehorde_image_api
2.0.4
hordehorde_image_api
2.0.5
hordehorde_image_api
2.0.6
hordehorde_image_api
2.0.7
hordehorde_image_api
2.0.8
hordehorde_image_api
2.0.9
hordehorde_image_api
2.1.0
hordehorde_image_api
2.2.0
hordehorde_image_api
2.3.0
hordehorde_image_api
2.3.1
hordehorde_image_api
2.3.2
hordehorde_image_api
2.3.3
hordehorde_image_api
2.3.4
hordehorde_image_api
2.3.5
hordehorde_image_api
2.3.6
hordehorde_image_api
2.4.0
hordehorde_image_api
2.4.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
php-horde-image
sid
2.6.1-2
fixed
trixie
2.6.1-2
fixed
bookworm
2.6.1-2
fixed
bullseye
2.6.1-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
php-horde-image
noble
dne
mantic
dne
jammy
dne
impish
dne
hirsute
dne
groovy
dne
focal
dne
eoan
not-affected
disco
not-affected
cosmic
not-affected
bionic
not-affected
artful
ignored
zesty
ignored
yakkety
ignored
xenial
needed
trusty
dne
Common Weakness Enumeration
References
https://lists.horde.org/archives/announce/2017/001234.html
https://www.debian.org/security/2018/dsa-4276
https://lists.horde.org/archives/announce/2017/001234.html
https://www.debian.org/security/2018/dsa-4276