CVE-2018-9846 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	High
Remote	Yes
Type	Arbitrary command execution
Description	In Roundcube from versions 1.2.0 to 1.3.5, with the archive plugin enabled and configured, it's possible to exploit the unsanitized, user-controlled "_uid" parameter (in an archive.php _task=mail&_mbox=INBOX&_action=plugin.move2archive request) to perform an MX (IMAP) injection attack by placing an IMAP command after a %0d%0a sequence. NOTE: this is less easily exploitable in 1.3.4 and later because of a Same Origin Policy protection mechanism.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-670	roundcubemail	1.3.5-1	1.3.6-1	High	Fixed

Date	Advisory	Group	Package	Severity	Type
19 Apr 2018	ASA-201804-8	AVG-670	roundcubemail	High	arbitrary command execution

References
https://github.com/roundcube/roundcubemail/issues/6229 https://github.com/roundcube/roundcubemail/issues/6238 https://medium.com/@ndrbasi/cve-2018-9846-roundcube-303097048b0a https://roundcube.net/news/2018/04/11/security-update-1.3.6

References

https://github.com/roundcube/roundcubemail/issues/6229
https://github.com/roundcube/roundcubemail/issues/6238
https://medium.com/@ndrbasi/cve-2018-9846-roundcube-303097048b0a
https://roundcube.net/news/2018/04/11/security-update-1.3.6