Horde IMP Unauthenticated Remote Command Execution
Description
Horde IMP is a web-based email client built on the Horde Application Framework that supports IMAP and POP3 protocols. A critical vulnerability exists in the IMP installation test page (test.php) that remains accessible after deployment. This page allows unauthenticated attackers to exploit the PHP imap_open() function to inject and execute arbitrary system commands on the server, bypassing all authentication mechanisms.
Remediation
Immediately remove the IMP test/debug page from all production installations by deleting the file located at /horde/imp/test.php (relative to your web root). This file is intended only for installation verification and should never remain accessible in production environments.
To remediate this vulnerability:
1. Locate and delete the test page:
rm /path/to/webroot/horde/imp/test.php
2. Verify the file has been removed by attempting to access it via a browser
3. Review your deployment process to ensure test and debug files are automatically excluded from production deployments
4. Conduct a security audit to identify any other unnecessary diagnostic or test files that may be exposed
5. If the test page is needed for troubleshooting, restrict access using web server configuration (e.g., IP whitelisting) and remove it immediately after use
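One way to automate the file check in steps 1, 3 and 4 is a deployment gate that fails whenever a test page is still present under the Horde tree. This is an added example, not part of the original advisory or of Horde itself; the function names are hypothetical, and matching every test.php under horde/ (rather than only horde/imp/test.php) is an assumption made for the audit step.

```shell
#!/bin/sh
# Added example: fail a deployment when installation test pages remain
# under a Horde tree. Function names are hypothetical.

# Print every leftover test page, one path per line.
# Only horde/imp/test.php is named by the advisory; searching for any
# test.php below horde/ is an assumption made for the wider audit.
find_test_pages() {
    [ -d "$1/horde" ] || return 0
    find "$1/horde" -type f -name 'test.php' 2>/dev/null | sort
}

# Return 0 when the web root is clean, 1 when a test page is still there.
check_webroot() {
    _found="$(find_test_pages "$1")"
    if [ -n "$_found" ]; then
        printf '%s\n' "$_found" | while IFS= read -r _f; do
            printf 'FAIL: test page still deployed: %s\n' "$_f" >&2
        done
        return 1
    fi
    printf 'OK: no test.php under %s/horde\n' "$1"
}

# Constructed sample tree for a dry run: one leftover test page next to
# an ordinary application file. Prints the temporary web root path.
make_sample_webroot() {
    _sample="$(mktemp -d)"
    mkdir -p "$_sample/horde/imp"
    : > "$_sample/horde/imp/test.php"
    : > "$_sample/horde/imp/index.php"
    printf '%s\n' "$_sample"
}
```

Source the file and call check_webroot /path/to/webroot as a deployment step; the non-zero return stops the pipeline while a test page is still present.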