CVE-2013-1904

Priority
Description
Absolute path traversal vulnerability in steps/mail/sendmail.inc in
Roundcube Webmail before 0.7.3 and 0.8.x before 0.8.6 allows remote
attackers to read arbitrary files via a full pathname in the _value
parameter for the generic_message_footer setting in a save-perf action to
index.php, as exploited in the wild in March 2013.
Notes
More Information

Updated: 2020-01-29 19:46:44 UTC (commit 768ceb2fdee6790d707d0f681e1b54916744af1e)