CVE-2014-1691 | Horde Groupware up to 5.1.0 Util Library variables.php _formvars code injection (Nessus ID 72353 / ID 175269)
A vulnerability classified as critical has been found in Horde Groupware up to 5.1.0. Affected is an unknown function in the library framework/util/lib/horde/variables.php of the component Util Library. The manipulation of the argument _formvars leads to code injection.
This vulnerability is traded as CVE-2014-1691. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.