The Horde_Data module version 2.1.4 (and before) present in Horde Groupware version 5.2.22 allows authenticated users to inject arbitrary PHP code thus achieving remote code execution the server hosting the web application.
4f53a18b1dcb2a04ca5e0e9ef677195636d3382c8fc8467ec4ad99dcf70a9931
Horde Groupware Webmail Edition version 5.2.22 suffers from a PHP file inclusion vulnerability.
e09fc78ac1978bc60f8c74272465dc377212ec4df18d43494b7595391c130b02
Horde Groupware Webmail Edition version 5.2.22 suffers from a PHAR loading vulnerability.
62ec2c9073799c623bbe9b4c78815ab902ee4f55051f070f8a35acd4c921b964