cvedb.io
CVE-2017-7413
HIGH · CVSS 8.8
EPSS exploitation probability: 0%
Published 2017-04-04T14:59:00.303 · Last modified 2026-06-17T01:24:18.190

Summary

In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition through 5.2.17, OS Command Injection can occur if the attacker is an authenticated Horde Webmail user, has PGP features enabled in their preferences, and attempts to encrypt an email addressed to a maliciously crafted email address.

Affected products

horde — groupware

Does this affect you?

Add your gear to cvedb and we'll alert you only when horde ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.