Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 on Windows allows command injection via im_convert_path and im_identify_path. NOTE: this issue exists because of an incomplete fix for CVE-2020-12641.
History

Sat, 17 Aug 2024 20:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:roundcube:roundcube_webmail:*:*:*:*:*:*:*:*
cpe:2.3:a:roundcube:roundcube_webmail:1.6.0:*:*:*:*:*:*:*
Vendors & Products Roundcube
Roundcube roundcube Webmail
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-16T04:01:39.363Z

Reserved:

Link: CVE-2024-37385

cve-icon Vulnrichment

Updated: 2024-08-02T03:50:55.955Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-06-07T04:15:30.720

Modified: 2024-11-21T09:23:45.193

Link: CVE-2024-37385

cve-icon Redhat

No data.