title: HORDE::Chora major vulnerability

If you're running Horde's Chora **1.2** you should immediately upgrade your
Horde installation or temporarily disable CVS access through HTTP.

### Unfiltered $_GET as shell argument
At a quick glance, scripts like _diff.php_ seem to use unfiltered $_GET
parameters as shell command arguments, which allows any remote user to
execute any command as the web server user.
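
The pattern described above, next to a hardened form, as an added example that is not Chora's code. The parameter names `r1`, `r2` and `f`, the paths and the use of `rcsdiff` are assumptions; the array form of `proc_open()` needs PHP 7.4 or later.

```php
<?php
// Added illustration, not Chora's code. Parameter names (r1, r2, f), the
// paths and the use of rcsdiff are assumptions.
const CVSROOT_DIR = '/var/cvsroot';
const RCSDIFF_BIN = '/usr/bin/rcsdiff';

// Vulnerable pattern: request values are concatenated into a command line
// that /bin/sh parses, so shell metacharacters in them are interpreted.
function diff_unsafe(array $get): string
{
    return (string) shell_exec(RCSDIFF_BIN . ' -r' . $get['r1'] . ' -r' . $get['r2']
        . ' ' . CVSROOT_DIR . '/' . $get['f'] . ',v');
}

// RCS revisions are dot-separated decimal integers; is_string() rejects ?r1[]=x.
function valid_revision($rev): bool
{
    return is_string($rev) && preg_match('/\A\d+(?:\.\d+)+\z/', $rev) === 1;
}

// Resolve the requested file and require that it stays below the repository root.
function resolve_rcs_file($rel): ?string
{
    $root = realpath(CVSROOT_DIR);
    $real = is_string($rel) ? realpath(CVSROOT_DIR . '/' . $rel . ',v') : false;
    if ($root === false || $real === false) {
        return null;
    }
    return strncmp($real, $root . '/', strlen($root) + 1) === 0 ? $real : null;
}

// Hardened form: validate against an allowlist, then run the binary without a shell.
function diff_safe(array $get): ?string
{
    $path = resolve_rcs_file($get['f'] ?? null);
    if ($path === null || !valid_revision($get['r1'] ?? null) || !valid_revision($get['r2'] ?? null)) {
        return null; // caller answers 400
    }
    // Array form: no shell, one argv entry per element; $path is absolute, so never an option.
    $argv = [RCSDIFF_BIN, '-u', '-r' . $get['r1'], '-r' . $get['r2'], $path];
    $proc = proc_open($argv, [1 => ['pipe', 'w'], 2 => ['file', '/dev/null', 'w']], $pipes);
    if (!is_resource($proc)) {
        return null;
    }
    $out = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    proc_close($proc);
    return $out === false ? null : $out;
}
```

Where the shell cannot be avoided, `escapeshellarg()` on each validated value is the fallback; validation still comes first, because quoting alone does not stop a value that begins with `-` from being read as an option.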

A request like ~~<http://cvs.your.host/>... ~~ will reveal the process list of