A backdoor has been discovered in web applications based on the open source PHP framework Horde. The investigation revealed that someone had modified three distributions on the FTP server to allow unauthorized execution of PHP code. The vulnerability is registered as CVE-2012-0209.
Affected Distributions:
Horde 3.3.12, downloaded from FTP from November 15 to February 7
Horde Groupware 1.2.10, downloaded from FTP from November 9 to February 7
Horde Groupware Webmail Edition 1.2.10, downloaded from FTP from November 2 to February 7
Horde 4 is not affected, and neither are the repositories on CVS and GitHub. You can check your version with a signature search in /path/to/horde:
\$m\[1\](\$m\[2\])
All users of the listed versions are advised to download them again and reinstall, or to upgrade to Horde 4.
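The signature search described above, written as a script that checks every file under the install directory with a fixed-string match; this is an added example, not code from the Horde project. The function name `scan_horde` is hypothetical, and `SIGNATURE` is the literal text that the escaped pattern on this page matches.

```shell
#!/bin/sh
# Added example: scan a Horde tree for the backdoor signature.
# SIGNATURE is the literal text matched by the escaped pattern on this page;
# the function name scan_horde is hypothetical.
SIGNATURE='$m[1]($m[2])'

# scan_horde DIR
#   Prints every regular file under DIR that contains SIGNATURE.
#   Returns 0 if at least one file matches, 1 if none do, 2 if DIR is invalid.
scan_horde() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "scan_horde: not a directory: $dir" >&2
        return 2
    fi
    # -F: fixed string, so $, [ and ( need no escaping; -l: file names only.
    # find exits non-zero when grep finds nothing in a batch, so ignore its
    # status and decide from the captured output instead.
    hits=$(find "$dir" -type f -exec grep -lF -e "$SIGNATURE" {} + 2>/dev/null) || :
    if [ -n "$hits" ]; then
        printf '%s\n' "$hits"
        return 0
    fi
    return 1
}

# Run only when a directory is given, e.g.: sh scan.sh /path/to/horde
if [ "$#" -gt 0 ]; then
    scan_horde "$1"
fi
```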