Lucene search
HistoryNov 05, 2013 - 6:55 p.m.
CVE-2013-6172
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
7.8 High
AI Score
Confidence
Low
0.028 Low
EPSS
Percentile
90.7%
steps/utils/save_pref.inc in Roundcube webmail before 0.8.7 and 0.9.x before 0.9.5 allows remote attackers to modify configuration settings via the _session parameter, which can be leveraged to read arbitrary files, conduct SQL injection attacks, and execute arbitrary code.
Affected configurations
Node
roundcubewebmailRange≤0.8.6
ORroundcubewebmailMatch0.1
ORroundcubewebmailMatch0.120050811
ORroundcubewebmailMatch0.120050820
ORroundcubewebmailMatch0.120051007
ORroundcubewebmailMatch0.120051021
ORroundcubewebmailMatch0.1alpha
ORroundcubewebmailMatch0.1beta
ORroundcubewebmailMatch0.1beta2
ORroundcubewebmailMatch0.1rc1
ORroundcubewebmailMatch0.1rc2
ORroundcubewebmailMatch0.1stable
ORroundcubewebmailMatch0.1.1
ORroundcubewebmailMatch0.2
ORroundcubewebmailMatch0.2alpha
ORroundcubewebmailMatch0.2beta
ORroundcubewebmailMatch0.2stable
ORroundcubewebmailMatch0.2.1
ORroundcubewebmailMatch0.2.2
ORroundcubewebmailMatch0.3
ORroundcubewebmailMatch0.3beta
ORroundcubewebmailMatch0.3rc1
ORroundcubewebmailMatch0.3stable
ORroundcubewebmailMatch0.3.1
ORroundcubewebmailMatch0.4
ORroundcubewebmailMatch0.4beta
ORroundcubewebmailMatch0.4.1
ORroundcubewebmailMatch0.4.2
ORroundcubewebmailMatch0.5
ORroundcubewebmailMatch0.5beta
ORroundcubewebmailMatch0.5rc
ORroundcubewebmailMatch0.5.1
ORroundcubewebmailMatch0.5.2
ORroundcubewebmailMatch0.5.3
ORroundcubewebmailMatch0.5.4
ORroundcubewebmailMatch0.6
ORroundcubewebmailMatch0.7
ORroundcubewebmailMatch0.7.1
ORroundcubewebmailMatch0.7.2
ORroundcubewebmailMatch0.7.3
ORroundcubewebmailMatch0.8.0
ORroundcubewebmailMatch0.8.1
ORroundcubewebmailMatch0.8.2
ORroundcubewebmailMatch0.8.3
ORroundcubewebmailMatch0.8.4
ORroundcubewebmailMatch0.8.5
ORroundcubewebmailMatch0.9beta
ORroundcubewebmailMatch0.9rc
ORroundcubewebmailMatch0.9rc2
ORroundcubewebmailMatch0.9.0
ORroundcubewebmailMatch0.9.1
ORroundcubewebmailMatch0.9.2
ORroundcubewebmailMatch0.9.3
ORroundcubewebmailMatch0.9.4
Related
cve
cve
CVE-2013-6172
2013-11-05 18:55:06
nessus
nessus
Fedora 18 : roundcubemail-0.9.5-1.fc18 (2013-19745)
2013-10-31 00:00:00
Fedora 19 : roundcubemail-0.9.5-1.fc19 (2013-19729)
2013-10-27 00:00:00
Fedora 20 : roundcubemail-0.9.5-1.fc20 (2013-19699)
2013-11-11 00:00:00
cvelist
cvelist
CVE-2013-6172
2013-11-05 18:00:00
osv
osv
roundcube - design error
2013-10-27 00:00:00
fedora
fedora
[SECURITY] Fedora 19 Update: roundcubemail-0.9.5-1.fc19
2013-10-26 00:56:27
[SECURITY] Fedora 20 Update: roundcubemail-0.9.5-1.fc20
2013-11-10 07:15:11
[SECURITY] Fedora 18 Update: roundcubemail-0.9.5-1.fc18
2013-10-31 02:59:02
mageia
mageia
Updated roundcubemail package fixes security vulnerability
2013-11-18 18:35:57
openvas
openvas
Mageia: Security Advisory (MGASA-2013-0325)
2022-01-28 00:00:00
Debian Security Advisory DSA 2787-1 (roundcube - design error)
2013-10-27 00:00:00
Gentoo Security Advisory GLSA 201402-15
2015-09-29 00:00:00
debian
debian
[SECURITY] [DSA 2787-1] roundcube security update
2013-10-27 08:53:13
[SECURITY] [DSA 2787-1] roundcube security update
2013-10-27 08:53:13
[BSA-085] Security Update for roundcube
2013-11-12 21:33:26
debiancve
debiancve
CVE-2013-6172
2013-11-05 18:55:06
securityvulns
securityvulns
[ MDVSA-2013:263 ] roundcubemail
2013-12-09 00:00:00
prion
prion
Sql injection
2013-11-05 18:55:00
gentoo
gentoo
Roundcube: Arbitrary code execution
2014-02-11 00:00:00
ubuntucve
ubuntucve
CVE-2013-6172
2013-11-05 00:00:00
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
7.8 High
AI Score
Confidence
Low
0.028 Low
EPSS
Percentile
90.7%
Related for NVD:CVE-2013-6172