Horde Webmail users urged to disable feature to contain a nine-year-old security vulnerability in the software that could be abused to gain complete access to email accounts simply by previewing an attachment. The vulnerability triggers when a targeted user views an attached OpenOffice document in the browser. The shortcoming was originally reported to the project maintainers on August 26, 2021, but to date no fixes have been shipped despite confirmation from the vendor acknowledging the flaw. Users are advised to disable the rendering of OpenOffice attachments by editing the config/mime_drivers.php file to add the ‘disable'”]
Source: https://thehackernews.com/2022/02/9-year-old-unpatched-email-hacking-bug.html