CVE-2022-30287

HIGH Year: 2022
CVSS v3 Score
8.0
High
Weakness Type
CWE-470
View all →

Vulnerability Description

Horde Groupware Webmail Edition through 5.2.22 allows a reflection injection attack through which an attacker can instantiate a driver class. This then leads to arbitrary deserialization of PHP objects.

Related Vulnerabilities

CVE-2024-7059

HIGH
CVSS:8.0(High)

A high-severity vulnerability that can lead to arbitrary code execution on the system hosting the Web SDK role was found in the Genetec Security Center product line.

CWE-4702024

CVE-2024-4990

HIGH
CVSS:8.1(High)

In yiisoft/yii2 version 2.0.48, the base Component class contains a vulnerability where the `__set()` magic method does not validate that the value passed is a valid Behavior class name or configurati...

CWE-4702024

CVE-2024-53850

HIGH
CVSS:8.2(High)

The Addressing GLPI plugin enables you to create IP reports for visualize IP addresses used and free on a given network.. Starting with 3.0.0 and before 3.0.3, a poor security check allows an unauthen...

CWE-4702024

CVE-2022-26469

HIGH
CVSS:7.8(High)

In MtkEmail, there is a possible escalation of privilege due to fragment injection. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is...

CWE-4702022

CVE-2024-8048

HIGH
CVSS:7.8(High)

In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible using object injection via insecure expression evaluation.

CWE-4702024

CVE-2025-31119

HIGH
CVSS:7.6(High)

generator-jhipster-entity-audit is a JHipster module to enable entity audit and audit log page. Prior to 5.9.1, generator-jhipster-entity-audit allows unsafe reflection when having Javers selected as ...

CWE-4702025