CVE - CVE-2008-0807

CVE-ID
CVE-2008-0807	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
lib/Driver/sql.php in Turba 2 (turba2) Contact Manager H3 2.1.x before 2.1.7 and 2.2.x before 2.2-RC3, as used in products such as Horde Groupware before 1.0.4 and Horde Groupware Webmail Edition before 1.0.5, does not properly check access rights, which allows remote authenticated users to modify address data via a modified object_id parameter to edit.php, as demonstrated by modifying a personal address book entry when there is write access to a shared address book.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:27844 URL:http://www.securityfocus.com/bid/27844 CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=464058 CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=432027 DEBIAN:DSA-1507 URL:http://www.debian.org/security/2008/dsa-1507 FEDORA:FEDORA-2008-2040 URL:https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00888.html FEDORA:FEDORA-2008-2087 URL:https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00927.html MLIST:[announce] 20080215 Horde Groupware 1.0.4 (final) URL:http://lists.horde.org/archives/announce/2008/000380.html MLIST:[announce] 20080215 Horde Groupware Webmail Edition 1.0.5 (final) URL:http://lists.horde.org/archives/announce/2008/000381.html MLIST:[announce] 20080215 Turba H3 (2.1.7) (final) URL:http://lists.horde.org/archives/announce/2008/000378.html MLIST:[announce] 20080215 Turba H3 (2.2-RC3) URL:http://lists.horde.org/archives/announce/2008/000379.html SECTRACK:1019433 URL:http://www.securitytracker.com/id?1019433 SECUNIA:28982 URL:http://secunia.com/advisories/28982 SECUNIA:29071 URL:http://secunia.com/advisories/29071 SECUNIA:29184 URL:http://secunia.com/advisories/29184 SECUNIA:29185 URL:http://secunia.com/advisories/29185 SECUNIA:29186 URL:http://secunia.com/advisories/29186 VUPEN:ADV-2008-0593 URL:~~http://www.vupen.com/english/advisories/2008/0593/references~~ (Obsolete source)
Assigning CNA
MITRE Corporation
Date Record Created
20080218	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20080218)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)