HORDE::Chora major vulnerability

Posted by m6w6 on 12th September 2004 in Mike's sudden inspirations: PHP

If you’re running Horde’s Chora 1.2, you should immediately upgrade your Horde installation or temporarily disable CVS access through HTTP.

Unfiltered $_GET as shell argument

At a quick glance, scripts like diff.php seem to use unfiltered $_GET parameters as shell command arguments, which allows any remote user to execute any command as the webserver user.

A request like ~~http://cvs.your.host/… ~~ will reveal the process list of the machine.
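
The pattern described above next to a hardened form, as an added example that is not Chora's code and not from the original post. The parameter names `r1`, `r2` and `file`, the `rcsdiff` command line and both function names are assumptions made for illustration.

```php
<?php
// Added illustration: hypothetical handler, not Chora's actual code.
// Assumed names: r1, r2, file, and the rcsdiff command line.

// The pattern described above: request values are concatenated into a
// shell command line, so the shell interprets any metacharacters in them.
function diff_command_unsafe(array $get): string
{
    return 'rcsdiff -u -r' . $get['r1'] . ' -r' . $get['r2'] . ' ' . $get['file'];
}

// Hardened form: allow-list each value, confine the path, quote every argument.
function diff_command_safe(array $get, string $repoRoot): string
{
    foreach (['r1', 'r2'] as $key) {
        // Revision numbers are dotted decimals such as 1.4 or 1.2.2.1.
        // \A and \z anchor the whole string; "$" would accept a trailing newline.
        if (!is_string($get[$key] ?? null) || !preg_match('/\A\d+(\.\d+)+\z/', $get[$key])) {
            throw new InvalidArgumentException("invalid revision in $key");
        }
    }
    if (!is_string($get['file'] ?? null)) {
        throw new InvalidArgumentException('missing file');
    }
    // Resolve symlinks and ".." first, then require the result to stay under the root.
    $root = realpath($repoRoot);
    $path = realpath($repoRoot . '/' . $get['file'] . ',v');
    if ($root === false || $path === false || strpos($path, $root . DIRECTORY_SEPARATOR) !== 0) {
        throw new InvalidArgumentException('file is not inside the repository');
    }
    return 'rcsdiff -u ' . escapeshellarg('-r' . $get['r1']) . ' '
        . escapeshellarg('-r' . $get['r2']) . ' ' . escapeshellarg($path);
}

// Constructed demo: only builds and prints the command strings, nothing is executed.
$root = sys_get_temp_dir() . '/repo_' . uniqid();
mkdir($root);
touch($root . '/diff.txt,v');
$hostile = ['r1' => '1.1', 'r2' => '1.2;echo INJECTED', 'file' => 'diff.txt'];
echo diff_command_unsafe($hostile), "\n";
try {
    diff_command_safe($hostile, $root);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
echo diff_command_safe(['r1' => '1.1', 'r2' => '1.2', 'file' => 'diff.txt'], $root), "\n";
```

On PHP 7.4 and later, passing the command to `proc_open()` as an array avoids the shell altogether, which removes the need for quoting but not for the validation.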