Roundcube · Roundcube · CVE-2018-9846
**Name of the Vulnerable Software and Affected Versions**
Roundcube versions 1.2.0 through 1.3.5
**Description**
The issue allows an IMAP injection attack through the unsanitized `_uid` parameter of an archive.php request, specifically when the `_task=mail&_mbox=INBOX&_action=plugin.move2archive` endpoint is used. The injection works by placing an IMAP command after a `%0d%0a` sequence (a URL-encoded CRLF, which ends the IMAP command line that the `_uid` value was meant to stay inside). Versions 1.3.4 and later are less easily exploitable because of a Same Origin Policy protection mechanism.
**Recommendations**
For versions 1.2.0 through 1.3.5, consider disabling the archive plugin until a patch is available, to prevent exploitation of the `_uid` parameter in the archive.php request.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
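The injection described above depends on a CR or LF reaching the IMAP layer inside `_uid`, so a reverse proxy, WAF rule or log review can flag it by decoding the parameter and comparing it with the shape of an IMAP message set. The following Python is an added example, not Roundcube code; it assumes the request's URL-encoded parameters (query string or form body) are available as a string and that legitimate `_uid` values are plain message sets, and its sample requests are constructed.

```python
import re
from urllib.parse import parse_qsl

# One IMAP message-set item: a number or "*", optionally a range ("7:9", "12:*").
_ITEM = r"(?:[0-9]+|\*)(?::(?:[0-9]+|\*))?"
# Assumption: legitimate _uid values are comma-separated items, e.g. "4,7:9".
UID_SET = re.compile(rf"{_ITEM}(?:,{_ITEM})*")
ARCHIVE_ACTION = "plugin.move2archive"

# Constructed sample parameter strings (not taken from real traffic).
SAMPLES = [
    "_task=mail&_mbox=INBOX&_action=plugin.move2archive&_uid=4,7:9",
    "_task=mail&_mbox=INBOX&_action=plugin.move2archive&_uid=12%0d%0aINJECTED",
    "_task=mail&_mbox=INBOX&_action=plugin.move2archive&_uid=12%250d%250aINJECTED",
    "_task=mail&_mbox=INBOX&_action=list&_uid=1",
]


def check_params(encoded):
    """Classify one URL-encoded parameter string.

    "ignore"    -> not a move2archive request
    "ok"        -> every _uid is a well-formed message set
    "crlf"      -> a _uid decodes to a value containing CR or LF
    "malformed" -> _uid missing or not a message set (e.g. double-encoded CRLF)
    """
    params = parse_qsl(encoded, keep_blank_values=True)  # percent-decodes once
    if ("_action", ARCHIVE_ACTION) not in params:
        return "ignore"
    uids = [value for key, value in params if key == "_uid"]
    if any("\r" in u or "\n" in u for u in uids):
        return "crlf"
    if not uids or not all(UID_SET.fullmatch(u) for u in uids):
        return "malformed"
    return "ok"


def scan(samples):
    """Return (index, verdict) for every sample that needs attention."""
    verdicts = ((i, check_params(s)) for i, s in enumerate(samples))
    return [(i, v) for i, v in verdicts if v not in ("ok", "ignore")]


if __name__ == "__main__":
    for index, verdict in scan(SAMPLES):
        print(f"sample {index}: {verdict}")
```

Matching against an allowlist of the expected value shape, rather than searching only for `%0d%0a`, also catches the double-encoded variant in the third sample.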