Описание
rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting for im_convert_path or im_identify_path.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needed |
| devel | not-affected | 1.4.4+dfsg.1-1 |
| eoan | ignored | end of life |
| esm-apps/bionic | released | 1.3.6+dfsg.1-1ubuntu0.1~esm2 |
| esm-apps/focal | released | 1.4.3+dfsg.1-1ubuntu0.1~esm1 |
| esm-apps/jammy | not-affected | 1.4.4+dfsg.1-1 |
| esm-apps/noble | not-affected | 1.4.4+dfsg.1-1 |
| esm-apps/xenial | released | 1.2~beta+dfsg.1-0ubuntu1+esm2 |
| esm-infra-legacy/trusty | DNE | |
| focal | ignored | end of standard support, was needed |
Показывать по
Ссылки на источники
7.5 High
CVSS2
9.8 Critical
CVSS3
Связанные уязвимости
rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting for im_convert_path or im_identify_path.
rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to ...
rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting for im_convert_path or im_identify_path.
Уязвимость функций im_convert_path и im_identify_path файла rcube_image.php почтового клиента RoundCube Webmail, позволяющая нарушителю выполнить произвольный код
7.5 High
CVSS2
9.8 Critical
CVSS3