CVE-2020-8518

Severe 9.8

Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary PHP code via CSV data, leading to remote code execution.

Published February 17, 2020.