"PHP applications using the Horde_Form_Type_image form
element can be tricked into overwriting arbitrary files
writable by the webserver which might result in PHP
remote code execution"
This affects version 3.2.4 and below of Horde. It is recommended that
you upgrade to version 3.2.5 to avoid this vulnerability.