3 matches found
SUSE CVE-2018-9846
In Roundcube from versions 1.2.0 to 1.3.5, with the archive plugin enabled and configured, it's possible to exploit the unsanitized, user-controlled "uid" parameter in an archive.php task=mail&mbox=INBOX&action=plugin.move2archive request to perform an MX IMAP injection attack by placing an IMAP...
DEBIAN-CVE-2018-9846
In Roundcube from versions 1.2.0 to 1.3.5, with the archive plugin enabled and configured, it's possible to exploit the unsanitized, user-controlled "uid" parameter in an archive.php task=mail&mbox=INBOX&action=plugin.move2archive request to perform an MX IMAP injection attack by placing an IMAP...
PT-2018-19070
Name of the Vulnerable Software and Affected Versions Roundcube versions 1.2.0 through 1.3.5 Description The issue allows for an IMAP injection attack by exploiting the unsanitized " uid" parameter in an archive.php request, specifically when the task=mail& mbox=INBOX& action=plugin.move2archive...