CVE-2001-1258

high

Description

Horde Internet Messaging Program (IMP) before 2.2.6 allows local users to read IMP configuration files and steal the Horde database password by placing the prefs.lang file containing PHP code on the server.

References

http://www.securityfocus.com/bid/3083

http://www.iss.net/security_center/static/6906.php

http://www.caldera.com/support/security/advisories/CSSA-2001-027.0.txt

http://online.securityfocus.com/archive/1/198495

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000410

Details

Source: Mitre, NVD

Published: 2001-07-21

Updated: 2025-04-03

Risk Information

CVSS v2

Base Score: 3.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:N

Severity: Low

CVSS v3

Base Score: 7.1

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Severity: High

EPSS

EPSS: 0.00112

Detections

Analytics