Roundcube : Security Vulnerabilities, CVEs, CVSS score >= 9

CVE-2021-44026

Known exploited
Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potential SQL injection via search or search_params.
Max CVSS
9.8
EPSS Score
0.59%
Published
2021-11-19
Updated
2021-12-16
CISA KEV Added
2023-06-22

CVE-2020-12641

Known exploited
rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting for im_convert_path or im_identify_path.
Max CVSS
9.8
EPSS Score
9.12%
Published
2020-05-04
Updated
2022-04-29
CISA KEV Added
2023-06-22

CVE-2020-12640

Roundcube Webmail before 1.4.4 allows attackers to include local files and execute code via directory traversal in a plugin name to rcube_plugin_api.php.
Max CVSS
9.8
EPSS Score
1.16%
Published
2020-05-04
Updated
2022-09-02

CVE-2015-2180

The DBMail driver in the Password plugin in Roundcube before 1.1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the password.
Max CVSS
9.0
EPSS Score
0.31%
Published
2017-01-30
Updated
2018-10-30

CVE-2008-5619

Public exploit
html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMailer before 5.2.10, RoundCube Webmail (roundcubemail) 0.2-1.alpha and 0.2-3.beta, Mahara, and AtMail Open 1.03, allows remote attackers to execute arbitrary code via crafted input that is processed by the preg_replace function with the eval switch.
Max CVSS
10.0
EPSS Score
88.65%
Published
2008-12-17
Updated
2018-10-11
5 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close