AVG-670

Package: roundcubemail
Status: Fixed
Severity: High
Type: arbitrary command execution
Affected: 1.3.5-1
Fixed: 1.3.6-1
Current: 1.3.8-1 [community]
Ticket: None
Created: Thu Apr 12 18:23:26 2018

Issue: CVE-2018-9846
Severity: High
Remote: Yes
Type: Arbitrary command execution
Description: In Roundcube from versions 1.2.0 to 1.3.5, with the archive plugin enabled and configured, it's possible to exploit the unsanitized, user-controlled "_uid"...

Date: 19 Apr 2018
Advisory: ASA-201804-8
Package: roundcubemail
Description: arbitrary command execution