AVG-670 log
| Package | roundcubemail |
| Status | Fixed |
| Severity | High |
| Type | arbitrary command execution |
| Affected | 1.3.5-1 |
| Fixed | 1.3.6-1 |
| Current | 1.6.11-1 [extra] |
| Ticket | None |
| Created | Thu Apr 12 18:23:26 2018 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2018-9846 | High | Yes | Arbitrary command execution | In Roundcube from versions 1.2.0 to 1.3.5, with the archive plugin enabled and configured, it's possible to exploit the unsanitized, user-controlled "_uid"... |
| Date | Advisory | Package | Type |
|---|---|---|---|
| 19 Apr 2018 | ASA-201804-8 | roundcubemail | arbitrary command execution |