Full title: Horde 5.2.22 CSV Import Code Execution Exploit 
Category: remote exploits
Platform: php
The Horde_Data module version 2.1.4 (and before) present in Horde Groupware version 5.2.22 allows authenticated users to inject arbitrary PHP code thus achieving remote code execution the server hosting the web application.

# 0day.today @ http://0day.today/