← back
CVE-2014-1691

CVE-2014-1691

50Vexday Risk Score

Patch soon. It has a working public exploit.

ssvc Attendepss 43%
from disclosure to weapon0 days
Published on NVDApr 1
1st PoCMar 22
metasploitJun 27
exploitation probability
43%top 1% of all CVEs
observed exploitation
nono source reports it
1 public exploit(s)
The framework/Util/lib/Horde/Variables.php script in the Util library in Horde before 5.1.1 allows remote attackers to conduct object injection attacks and execute arbitrary PHP code via a crafted serialized object in the _formvars form.
Affected products
n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.