CVE-2018-9846

Name of the Vulnerable Software and Affected Versions Roundcube versions 1.2.0 through 1.3.5

Description The issue allows for an IMAP injection attack by exploiting the unsanitized " uid" parameter in an archive.php request, specifically when the task=mail& mbox=INBOX& action=plugin.move2archive endpoint is used. This can be achieved by placing an IMAP command after a %0d%0a sequence. It's noted that versions 1.3.4 and later have a reduced exploitability due to a Same Origin Policy protection mechanism.

Recommendations For versions 1.2.0 through 1.3.5, consider disabling the archive plugin until a patch is available to prevent exploitation of the " uid" parameter in the archive.php request. At the moment, there is no information about a newer version that contains a fix for this vulnerability.