This vulnerability is difficult to exploit since it requires ability to create files on the web server and a valid Roundcube account.īut this situation is very common for shared hosting servers, that host clients' websites on the same server as Roundcube. In case, when "skin_include_php" parameter is set to true, the attacker will be able to execute arbitrary PHP code from the skin files: Using specially crafted skin for Roundcube, a remote attacker can gain access to potentially sensitive information. "././") to load a new skin from arbitrary location on the system,Ī simple exploit below will send HTTP POST request to vulnerable script and will load a new skin from "/tmp" folder:Įxploitation of the vulnerability requires valid user credentials and ability to create files on vulnerable host. A remote authenticated attacker can use path traversal sequences (e.g. The vulnerability exists due to insufficient sanitization of "_skin" HTTP POST parameter in "/index.php" script when changing between different skins Vulnerability can be exploited to gain access to sensitive information and under certain circumstances to execute arbitrary code and totally compromise the High-Tech Bridge Security Research Lab discovered a path traversal vulnerability in a popular webmail client Roundcube. Vulnerability Type: Path Traversal ĬVSSv3 Base Score: 5.3 ĭiscovered and Provided: High-Tech Bridge Security Research Lab ( ) Vulnerable Version(s): 1.1.3 and probably priorĪdvisory Publication: Decem
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |