Intrusion Prevention

Horde.Eval.Poor.Input.Validation

Description

Indicates a possible attempt at exploiting a remote PHP code-execution vulnerability in Horde.
An attacker can exploit this issue to execute arbitrary malicious PHP code. This may help allow the attacker to compromise the application and the underlying system.

Affected Products

Horde Horde 3.0.9
Horde Horde 3.0.8
Horde Horde 3.0.7
Horde Horde 3.0.6
Horde Horde 3.0.4 -RC 2
Horde Horde 3.0.4 -RC 1
Horde Horde 3.0.4
Horde Horde 3.0.3
Horde Horde 3.0.2
Horde Horde 3.0.1
Horde Horde 3.0
Horde Horde 3.1

Impact

An attacker can execute arbitrary malicious PHP code.

Recommended Actions

Upgrade to Horde version 3.1.1 or 3.0.10, or apply patches :
http://ftp.horde.org/pub/horde/

CVE References

CVE-2006-1491