CVE-2020-12641

Published
View on NVD ↗
CVSS v3
9.8
CRITICAL
CVSS v2
7.5
HIGH
Affected
2
PROJECTS

Description

rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting for im_convert_path or im_identify_path.

DrunkenShells/Disclosures
DrunkenShells/Disclosures
Public Disclosures
GitHubGitHub
92
roundcube/roundcubemail
roundcube/roundcubemail
The Roundcube Webmail suite
GitHubGitHub
7K