Roundcube Webmail Path Traversal Vulnerability

Roundcube Webmail is an open source browser-based IMAP client that supports address book management, message searching, spell checking and more. A security vulnerability exists in the rcubepluginapi.php file in Roundcube Webmail versions prior to 1.4.4. An attacker can exploit this vulnerability ...

CVE-2020-12640

CVE-2020-12640 affects Roundcube Webmail prior to 1.4.4. The vulnerability arises from a directory traversal in a plugin name passed to rcube_plugin_api.php, enabling local file inclusion and arbitrary code execution. Reported impact aligns with partial confidentiality, integrity, and availabilit...