Paul Craig has discovered a vulnerability in Horde, which
can be exploited by malicious people to disclose sensitive
Input passed to the "url" parameter in "services/go.php"
isn't properly verified, before it is used in a
"readfile()" call. This can be exploited to disclose the
content of arbitrary files via e.g. the "php://" protocol
The vulnerability has been confirmed in version 3.0.9 and
has also been reported in prior versions.
Provided and/or discovered by:
Paul Craig, Security-Assessment.com.