New Unpatched Horde Webmail Bug Lets Hackers Take Over Server by Sending Email


A new unpatched security vulnerability has been disclosed in the open-source Horde Webmail client that could be exploited to achieve remote code execution on the email server simply by sending a specially crafted email to a victim.

“Once the email is viewed, the attacker can silently take over the complete mail server without any further user interaction,” SonarSource said in a report shared with The Hacker News. “The vulnerability exists in the default configuration and can be exploited with no knowledge of a targeted Horde instance.”

Read more…