PT-2016-4024 · Roundcube · Roundcube
Published
2016-01-29
·
Updated
2016-02-25
·
CVE-2015-8794
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Roundcube versions prior to 1.0.6
Roundcube versions 1.1.x prior to 1.1.2
Description
The issue allows remote authenticated users to read arbitrary files via a full pathname in the
alt parameter, related to contact photo handling in the photo.inc file.Recommendations
For versions prior to 1.0.6, update to version 1.0.6 or later.
For versions 1.1.x prior to 1.1.2, update to version 1.1.2 or later.
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Roundcube