The vulnerability of the im_convert_path and im_identify_path functions in the rcube_image.php file of the RoundCube Webmail client allows a hacker to execute arbitrary code.

The vulnerability of the imconvertpath and imidentifypath functions in the RoundCube Webmail client’s rcubeimage.php file exists because no measures have been taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

SUSE CVE-2020-12641

rcubeimage.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting for imconvertpath or imidentifypath...

Roundcube Webmail Parameter Injection Vulnerability

Roundcube Webmail is an open source browser-based IMAP client that supports address book management, message searching, spell checking and more. A security vulnerability exists in the rcubeimage.php file in Roundcube Webmail versions prior to 1.4.4. An attacker can exploit the vulnerability to...

Design/Logic Flaw

rcubeimage.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting for imconvertpath or imidentifypath...

UBUNTU-CVE-2020-12641

rcubeimage.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting for imconvertpath or imidentifypath...

CVE-2020-12641

rcubeimage.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting for imconvertpath or imidentifypath...