A critical RCE flaw in Horde Webmail has yet to be addressed

From securityaffairs.co

Horde Webmail

Researchers from SonarSource discovered a remote code execution vulnerability (CVE-2022-30287) in the open-source Horde Webmail client. Horde Webmail allows users to manage contacts, the flaw could be exploited by an authenticated user of a Horde instance to take over an email server by sending a specially crafted email to a victim.

Read more…