PT-2020-13179 · Roundcube +4 · Roundcube Webmail +4
Name of the Vulnerable Software and Affected Versions: Roundcube Webmail versions prior to 1.4.4 Description: The issue allows attackers to include local files and execute code via directory traversal in a plugin name to "rcube plugin api.php". This can be exploited by providing a malicious plugi...