CVE-2013-1904
EPSS 0.34%發布日:2014/2/8修改日:2026/5/29
描述
Absolute path traversal vulnerability in steps/mail/sendmail.inc in Roundcube Webmail before 0.7.3 and 0.8.x before 0.8.6 allows remote attackers to read arbitrary files via a full pathname in the _value parameter for the generic_message_footer setting in a save-perf action to index.php, as exploited in the wild in March 2013.
受影響套件(1)
- Debian/roundcubefrom 0, < 0.7.2-9