Think you have a false positive on this rule?

Sid 1-49714

Message

SERVER-WEBAPP Horde Groupware Webmail Contact Management add.php arbitrary PHP file upload attempt

Summary

This event is generated when an attacker attempts to exploit an arbitrary PHP file upload vulnerability in Horde Groupware Webmail.

Impact

Attempted Administrator Privilege Gain

Detailed information

Affected systems

Ease of attack

False positives

False negatives

Corrective action

Contributors

  • Cisco Talos Intelligence Group

Additional References

  • www.ratiosec.com/2019/horde-groupware-webmail-authenticated-arbitrary-file-injection-to-rce/