Описание
steps/utils/save_pref.inc in Roundcube webmail before 0.8.7 and 0.9.x before 0.9.5 allows remote attackers to modify configuration settings via the _session parameter, which can be leveraged to read arbitrary files, conduct SQL injection attacks, and execute arbitrary code.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 0.9.5-2 |
| esm-apps/xenial | not-affected | 0.9.5-2 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was not-affected [0.9.5-2]] |
| lucid | ignored | end of life |
| precise | ignored | end of life |
| precise/esm | DNE | precise was needed |
| quantal | ignored | end of life |
| raring | ignored | end of life |
| saucy | ignored | end of life |
| trusty | not-affected | 0.9.5-2 |
Показывать по
7.5 High
CVSS2
Связанные уязвимости
steps/utils/save_pref.inc in Roundcube webmail before 0.8.7 and 0.9.x before 0.9.5 allows remote attackers to modify configuration settings via the _session parameter, which can be leveraged to read arbitrary files, conduct SQL injection attacks, and execute arbitrary code.
steps/utils/save_pref.inc in Roundcube webmail before 0.8.7 and 0.9.x ...
steps/utils/save_pref.inc in Roundcube webmail before 0.8.7 and 0.9.x before 0.9.5 allows remote attackers to modify configuration settings via the _session parameter, which can be leveraged to read arbitrary files, conduct SQL injection attacks, and execute arbitrary code.
Уязвимости операционной системы Debian GNU/Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
7.5 High
CVSS2