Roundcube » Roundcube Webmail : Security Vulnerabilities, CVEs, Published In 2017 (Information Leak)
Roundcube Webmail 1.1.x before 1.1.2 allows remote attackers to obtain sensitive information by reading files in the (1) config, (2) temp, or (3) logs directory.
Max CVSS
7.5
EPSS Score
0.45%
Published
2017-05-23
Updated
2018-10-30
program/steps/addressbook/photo.inc in Roundcube Webmail before 1.0.6 and 1.1.x before 1.1.2 allows remote authenticated users to read arbitrary files via the _alt parameter when uploading a vCard.
Max CVSS
6.5
EPSS Score
0.15%
Published
2017-05-23
Updated
2018-10-30
2 vulnerabilities found