PT-2014-2518 · Roundcube+1 · Roundcube Webmail+1
Jan Lieskovsky
·
Publicado
2014-02-08
·
Atualizado
2016-02-12
·
CVE-2013-1904
CVSS v2.0
5.0
Média
| Vetor | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Roundcube Webmail versions prior to 0.7.3
Roundcube Webmail versions 0.8.x prior to 0.8.6
Description
The issue allows remote attackers to read arbitrary files via a full pathname in the
value parameter for the generic message footer setting in a save-perf action to "index.php". This has been exploited in the wild.Recommendations
For versions prior to 0.7.3, update to version 0.7.3 or later.
For versions 0.8.x prior to 0.8.6, update to version 0.8.6 or later.
Correção
Path traversal
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Alt Linux
Roundcube Webmail