SOLVED UPS-430 - Horde Webmail 5.2.22 - Account Takeover via Email

ITHKBO

Active Member
Jun 23, 2020
27
30
13
Netherlands
cPanel Access Level
Root Administrator
Rex has there been any confirmation that the Horde release version from cPanel is even vulnerable to the mentioned attack under default configuration?
I have not been able to find the required processor code under /usr/local/cpanel/base/horde/imp/config/mime_drivers.php

We ran a test here on 100.0.11 and 102.0.6 but on default cPanel configuration we were not able to get any ooo document preview working in conjunction with extention .xslt
 
  • Like
Reactions: rainboy