{"api_version":"1","generated_at":"2026-05-15T02:10:30+00:00","cve":"CVE-2008-0807","urls":{"html":"https://cve.report/CVE-2008-0807","api":"https://cve.report/api/cve/CVE-2008-0807.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2008-0807","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2008-0807"},"summary":{"title":"CVE-2008-0807","description":"lib/Driver/sql.php in Turba 2 (turba2) Contact Manager H3 2.1.x before 2.1.7 and 2.2.x before 2.2-RC3, as used in products such as Horde Groupware before 1.0.4 and Horde Groupware Webmail Edition before 1.0.5, does not properly check access rights, which allows remote authenticated users to modify address data via a modified object_id parameter to edit.php, as demonstrated by modifying a personal address book entry when there is write access to a shared address book.","state":"PUBLISHED","assigner":"mitre","published_at":"2008-02-19 01:00:00","updated_at":"2026-04-23 00:35:47"},"problem_types":["CWE-264","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"4.9","severity":"","vector":"AV:N/AC:M/Au:S/C:P/I:P/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:P/I:P/A:N","baseScore":4.9,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"}}],"references":[{"url":"http://secunia.com/advisories/29186","name":"http://secunia.com/advisories/29186","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Fedora update for horde - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securitytracker.com/id?1019433","name":"http://www.securitytracker.com/id?1019433","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Horde Groupware Discloses Address Book Contacts to Remote Users - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.horde.org/archives/announce/2008/000380.html","name":"http://lists.horde.org/archives/announce/2008/000380.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"[announce] Horde Groupware 1.0.4 (final)","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/29071","name":"http://secunia.com/advisories/29071","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Debian update for turba2 - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=464058","name":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=464058","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"#464058 - turba2: Access rights not checked properly - Debian Bug report logs","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2008/0593/references","name":"http://www.vupen.com/english/advisories/2008/0593/references","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.horde.org/archives/announce/2008/000381.html","name":"http://lists.horde.org/archives/announce/2008/000381.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"[announce] Horde Groupware Webmail Edition 1.0.5 (final)","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/29185","name":"http://secunia.com/advisories/29185","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Fedora update for imp - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.horde.org/archives/announce/2008/000378.html","name":"http://lists.horde.org/archives/announce/2008/000378.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"[announce] Turba H3 (2.1.7) (final)","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00927.html","name":"https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00927.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"[SECURITY] Fedora 8 Update: turba-2.1.7-1.fc8","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00888.html","name":"https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00888.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"[SECURITY] Fedora 7 Update: turba-2.1.7-1.fc7","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.debian.org/security/2008/dsa-1507","name":"http://www.debian.org/security/2008/dsa-1507","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Debian -- Security Information -- DSA-1507-1 turba2","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.horde.org/archives/announce/2008/000379.html","name":"http://lists.horde.org/archives/announce/2008/000379.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"[announce] Turba H3 (2.2-RC3)","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=432027","name":"https://bugzilla.redhat.com/show_bug.cgi?id=432027","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Bug 432027 – CVE-2008-0807 turba: insufficient access checks","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/27844","name":"http://www.securityfocus.com/bid/27844","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"Multiple Horde Products Security Bypass Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://secunia.com/advisories/29184","name":"http://secunia.com/advisories/29184","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Fedora update for turba - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/28982","name":"http://secunia.com/advisories/28982","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Multiple Horde Products Security Bypass - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2008-0807","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2008-0807","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2008","cve_id":"807","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"4.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2008","cve_id":"807","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"4.0","cpe7":"*","cpe8":"alpha","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2008","cve_id":"807","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"4.0","cpe7":"*","cpe8":"amd64","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2008","cve_id":"807","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"4.0","cpe7":"*","cpe8":"arm","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2008","cve_id":"807","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"4.0","cpe7":"*","cpe8":"hppa","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2008","cve_id":"807","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"4.0","cpe7":"*","cpe8":"ia-32","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2008","cve_id":"807","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"4.0","cpe7":"*","cpe8":"ia-64","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2008","cve_id":"807","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"4.0","cpe7":"*","cpe8":"m68k","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2008","cve_id":"807","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"4.0","cpe7":"*","cpe8":"mips","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2008","cve_id":"807","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"4.0","cpe7":"*","cpe8":"mipsel","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2008","cve_id":"807","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"4.0","cpe7":"*","cpe8":"powerpc","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2008","cve_id":"807","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"4.0","cpe7":"*","cpe8":"s-390","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2008","cve_id":"807","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"4.0","cpe7":"*","cpe8":"sparc","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2008","cve_id":"807","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"horde","cpe5":"groupware","cpe6":"1.0.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2008","cve_id":"807","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"horde","cpe5":"groupware_webmail_edition","cpe6":"1.0.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2008","cve_id":"807","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"horde","cpe5":"turba_contact_manager","cpe6":"2.1.6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T08:01:38.898Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"29186","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/29186"},{"name":"[announce] 20080215 Horde Groupware Webmail Edition 1.0.5 (final)","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"http://lists.horde.org/archives/announce/2008/000381.html"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=432027"},{"name":"FEDORA-2008-2087","tags":["vendor-advisory","x_refsource_FEDORA","x_transferred"],"url":"https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00927.html"},{"name":"27844","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/27844"},{"name":"DSA-1507","tags":["vendor-advisory","x_refsource_DEBIAN","x_transferred"],"url":"http://www.debian.org/security/2008/dsa-1507"},{"name":"28982","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/28982"},{"name":"29071","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/29071"},{"name":"[announce] 20080215 Turba H3 (2.1.7) (final)","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"http://lists.horde.org/archives/announce/2008/000378.html"},{"name":"ADV-2008-0593","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2008/0593/references"},{"name":"[announce] 20080215 Turba H3 (2.2-RC3)","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"http://lists.horde.org/archives/announce/2008/000379.html"},{"name":"29185","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/29185"},{"name":"[announce] 20080215 Horde Groupware 1.0.4 (final)","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"http://lists.horde.org/archives/announce/2008/000380.html"},{"name":"1019433","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id?1019433"},{"name":"29184","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/29184"},{"name":"FEDORA-2008-2040","tags":["vendor-advisory","x_refsource_FEDORA","x_transferred"],"url":"https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00888.html"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=464058"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2008-02-04T00:00:00.000Z","descriptions":[{"lang":"en","value":"lib/Driver/sql.php in Turba 2 (turba2) Contact Manager H3 2.1.x before 2.1.7 and 2.2.x before 2.2-RC3, as used in products such as Horde Groupware before 1.0.4 and Horde Groupware Webmail Edition before 1.0.5, does not properly check access rights, which allows remote authenticated users to modify address data via a modified object_id parameter to edit.php, as demonstrated by modifying a personal address book entry when there is write access to a shared address book."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2008-03-05T10:00:00.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"29186","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/29186"},{"name":"[announce] 20080215 Horde Groupware Webmail Edition 1.0.5 (final)","tags":["mailing-list","x_refsource_MLIST"],"url":"http://lists.horde.org/archives/announce/2008/000381.html"},{"tags":["x_refsource_CONFIRM"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=432027"},{"name":"FEDORA-2008-2087","tags":["vendor-advisory","x_refsource_FEDORA"],"url":"https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00927.html"},{"name":"27844","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/27844"},{"name":"DSA-1507","tags":["vendor-advisory","x_refsource_DEBIAN"],"url":"http://www.debian.org/security/2008/dsa-1507"},{"name":"28982","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/28982"},{"name":"29071","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/29071"},{"name":"[announce] 20080215 Turba H3 (2.1.7) (final)","tags":["mailing-list","x_refsource_MLIST"],"url":"http://lists.horde.org/archives/announce/2008/000378.html"},{"name":"ADV-2008-0593","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2008/0593/references"},{"name":"[announce] 20080215 Turba H3 (2.2-RC3)","tags":["mailing-list","x_refsource_MLIST"],"url":"http://lists.horde.org/archives/announce/2008/000379.html"},{"name":"29185","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/29185"},{"name":"[announce] 20080215 Horde Groupware 1.0.4 (final)","tags":["mailing-list","x_refsource_MLIST"],"url":"http://lists.horde.org/archives/announce/2008/000380.html"},{"name":"1019433","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id?1019433"},{"name":"29184","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/29184"},{"name":"FEDORA-2008-2040","tags":["vendor-advisory","x_refsource_FEDORA"],"url":"https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00888.html"},{"tags":["x_refsource_CONFIRM"],"url":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=464058"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2008-0807","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"lib/Driver/sql.php in Turba 2 (turba2) Contact Manager H3 2.1.x before 2.1.7 and 2.2.x before 2.2-RC3, as used in products such as Horde Groupware before 1.0.4 and Horde Groupware Webmail Edition before 1.0.5, does not properly check access rights, which allows remote authenticated users to modify address data via a modified object_id parameter to edit.php, as demonstrated by modifying a personal address book entry when there is write access to a shared address book."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"29186","refsource":"SECUNIA","url":"http://secunia.com/advisories/29186"},{"name":"[announce] 20080215 Horde Groupware Webmail Edition 1.0.5 (final)","refsource":"MLIST","url":"http://lists.horde.org/archives/announce/2008/000381.html"},{"name":"https://bugzilla.redhat.com/show_bug.cgi?id=432027","refsource":"CONFIRM","url":"https://bugzilla.redhat.com/show_bug.cgi?id=432027"},{"name":"FEDORA-2008-2087","refsource":"FEDORA","url":"https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00927.html"},{"name":"27844","refsource":"BID","url":"http://www.securityfocus.com/bid/27844"},{"name":"DSA-1507","refsource":"DEBIAN","url":"http://www.debian.org/security/2008/dsa-1507"},{"name":"28982","refsource":"SECUNIA","url":"http://secunia.com/advisories/28982"},{"name":"29071","refsource":"SECUNIA","url":"http://secunia.com/advisories/29071"},{"name":"[announce] 20080215 Turba H3 (2.1.7) (final)","refsource":"MLIST","url":"http://lists.horde.org/archives/announce/2008/000378.html"},{"name":"ADV-2008-0593","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2008/0593/references"},{"name":"[announce] 20080215 Turba H3 (2.2-RC3)","refsource":"MLIST","url":"http://lists.horde.org/archives/announce/2008/000379.html"},{"name":"29185","refsource":"SECUNIA","url":"http://secunia.com/advisories/29185"},{"name":"[announce] 20080215 Horde Groupware 1.0.4 (final)","refsource":"MLIST","url":"http://lists.horde.org/archives/announce/2008/000380.html"},{"name":"1019433","refsource":"SECTRACK","url":"http://www.securitytracker.com/id?1019433"},{"name":"29184","refsource":"SECUNIA","url":"http://secunia.com/advisories/29184"},{"name":"FEDORA-2008-2040","refsource":"FEDORA","url":"https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00888.html"},{"name":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=464058","refsource":"CONFIRM","url":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=464058"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2008-0807","datePublished":"2008-02-19T00:00:00.000Z","dateReserved":"2008-02-18T00:00:00.000Z","dateUpdated":"2024-08-07T08:01:38.898Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2008-02-19 01:00:00","lastModifiedDate":"2026-04-23 00:35:47","problem_types":["CWE-264","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:P/I:P/A:N","baseScore":4.9,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":6.8,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*","matchCriteriaId":"0F92AB32-E7DE-43F4-B877-1F41FA162EC7"},{"vulnerable":false,"criteria":"cpe:2.3:o:debian:debian_linux:4.0:*:alpha:*:*:*:*:*","matchCriteriaId":"F5114DA3-FBB9-47C4-857B-3212404DAD4E"},{"vulnerable":false,"criteria":"cpe:2.3:o:debian:debian_linux:4.0:*:amd64:*:*:*:*:*","matchCriteriaId":"4D5F5A52-285E-4E7E-83B8-508079DBCEAE"},{"vulnerable":false,"criteria":"cpe:2.3:o:debian:debian_linux:4.0:*:arm:*:*:*:*:*","matchCriteriaId":"674BE2D9-009B-46C5-A071-CB10368B8D48"},{"vulnerable":false,"criteria":"cpe:2.3:o:debian:debian_linux:4.0:*:hppa:*:*:*:*:*","matchCriteriaId":"703486E5-906B-4BDB-A046-28D4D73E3F03"},{"vulnerable":false,"criteria":"cpe:2.3:o:debian:debian_linux:4.0:*:ia-32:*:*:*:*:*","matchCriteriaId":"ABB5AC0D-2358-4C8E-99B5-2CE0A678F549"},{"vulnerable":false,"criteria":"cpe:2.3:o:debian:debian_linux:4.0:*:ia-64:*:*:*:*:*","matchCriteriaId":"38B37184-BA88-44F1-AC9E-8B60C2419111"},{"vulnerable":false,"criteria":"cpe:2.3:o:debian:debian_linux:4.0:*:m68k:*:*:*:*:*","matchCriteriaId":"0D8C9247-3E18-4DD9-AF5B-B2996C76443F"},{"vulnerable":false,"criteria":"cpe:2.3:o:debian:debian_linux:4.0:*:mips:*:*:*:*:*","matchCriteriaId":"0EEA2CDD-7FCD-461E-90FC-CDB3C3992A32"},{"vulnerable":false,"criteria":"cpe:2.3:o:debian:debian_linux:4.0:*:mipsel:*:*:*:*:*","matchCriteriaId":"D7B877A8-5318-402E-8AE1-753E7419060F"},{"vulnerable":false,"criteria":"cpe:2.3:o:debian:debian_linux:4.0:*:powerpc:*:*:*:*:*","matchCriteriaId":"A3938420-087D-4D92-A2F8-EAE54D9837EC"},{"vulnerable":false,"criteria":"cpe:2.3:o:debian:debian_linux:4.0:*:s-390:*:*:*:*:*","matchCriteriaId":"EFB8DE9F-2130-49E9-85EE-6793ED9FBEED"},{"vulnerable":false,"criteria":"cpe:2.3:o:debian:debian_linux:4.0:*:sparc:*:*:*:*:*","matchCriteriaId":"10F42CF8-FB98-4AFC-96C5-FD7D442B0FA3"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:horde:groupware:1.0.3:*:*:*:*:*:*:*","matchCriteriaId":"D59C23FB-E223-4EED-8F69-3CC1EE7DF148"},{"vulnerable":true,"criteria":"cpe:2.3:a:horde:groupware_webmail_edition:1.0.4:*:*:*:*:*:*:*","matchCriteriaId":"989D5040-13B3-4D76-A516-81CAB112FE44"},{"vulnerable":true,"criteria":"cpe:2.3:a:horde:turba_contact_manager:2.1.6:*:*:*:*:*:*:*","matchCriteriaId":"6476A5E9-779F-4CBC-9C49-42AADD427B91"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2008","CveId":"807","Ordinal":"1","Title":"CVE-2008-0807","CVE":"CVE-2008-0807","Year":"2008"},"notes":[{"CveYear":"2008","CveId":"807","Ordinal":"1","NoteData":"lib/Driver/sql.php in Turba 2 (turba2) Contact Manager H3 2.1.x before 2.1.7 and 2.2.x before 2.2-RC3, as used in products such as Horde Groupware before 1.0.4 and Horde Groupware Webmail Edition before 1.0.5, does not properly check access rights, which allows remote authenticated users to modify address data via a modified object_id parameter to edit.php, as demonstrated by modifying a personal address book entry when there is write access to a shared address book.","Type":"Description","Title":"CVE-2008-0807"},{"CveYear":"2008","CveId":"807","Ordinal":"2","NoteData":"2008-02-18","Type":"Other","Title":"Published"},{"CveYear":"2008","CveId":"807","Ordinal":"3","NoteData":"2008-03-05","Type":"Other","Title":"Modified"}]}}}