CVE-2013-1904 (retired)

Priority
Description
Absolute path traversal vulnerability in steps/mail/sendmail.inc in
Roundcube Webmail before 0.7.3 and 0.8.x before 0.8.6 allows remote
attackers to read arbitrary files via a full pathname in the _value
parameter for the generic_message_footer setting in a save-perf action to
index.php, as exploited in the wild in March 2013.
Notes
More Information

Updated: 2019-10-09 07:45:23 UTC (commit 33aea848a182c0afcd0a3f927a01a7ecd9a061ee)