Vulnerability Database

296,147

Total vulnerabilities in the database

CVE-2013-1904

Absolute path traversal vulnerability in steps/mail/sendmail.inc in Roundcube Webmail before 0.7.3 and 0.8.x before 0.8.6 allows remote attackers to read arbitrary files via a full pathname in the _value parameter for the generic_message_footer setting in a save-perf action to index.php, as exploited in the wild in March 2013.

  • Published: Feb 8, 2014
  • Updated: Apr 13, 2023
  • CVE: CVE-2013-1904
  • Severity: Medium
  • Exploit:

CVSS v2:

  • Severity: Medium
  • Score: 5
  • AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

OWASP TOP 10:

Software From Fixed in
roundcube / webmail 0.5.2 0.5.2.x
roundcube / webmail - 0.7.2.x
roundcube / webmail 0.5.4 0.5.4.x
roundcube / webmail 0.1-rc1 0.1-rc1.x
roundcube / webmail 0.1-20050820 0.1-20050820.x
roundcube / webmail 0.1-20051007 0.1-20051007.x
roundcube / webmail 0.4 0.4.x
roundcube / webmail 0.1 0.1.x
roundcube / webmail 0.1-beta2 0.1-beta2.x
roundcube / webmail 0.8.5 0.8.5.x
roundcube / webmail 0.1-beta 0.1-beta.x
roundcube / webmail 0.1-20050811 0.1-20050811.x
roundcube / webmail 0.3-rc1 0.3-rc1.x
roundcube / webmail 0.5-rc 0.5-rc.x
roundcube / webmail 0.8.3 0.8.3.x
roundcube / webmail 0.2-stable 0.2-stable.x
roundcube / webmail 0.2-alpha 0.2-alpha.x
roundcube / webmail 0.8.1 0.8.1.x
roundcube / webmail 0.1-rc2 0.1-rc2.x
roundcube / webmail 0.3-beta 0.3-beta.x
roundcube / webmail 0.1-stable 0.1-stable.x
roundcube / webmail 0.7 0.7.x
roundcube / webmail 0.5-beta 0.5-beta.x
roundcube / webmail 0.4.2 0.4.2.x
roundcube / webmail 0.8.0 0.8.0.x
roundcube / webmail 0.8.2 0.8.2.x
roundcube / webmail 0.1-20051021 0.1-20051021.x
roundcube / webmail 0.5.1 0.5.1.x
roundcube / webmail 0.6 0.6.x
roundcube / webmail 0.2.2 0.2.2.x
roundcube / webmail 0.3 0.3.x
roundcube / webmail 0.1.1 0.1.1.x
roundcube / webmail 0.4-beta 0.4-beta.x
roundcube / webmail 0.1-alpha 0.1-alpha.x
roundcube / webmail 0.4.1 0.4.1.x
roundcube / webmail 0.7.1 0.7.1.x
roundcube / webmail 0.2 0.2.x
roundcube / webmail 0.5.3 0.5.3.x
roundcube / webmail 0.2-beta 0.2-beta.x
roundcube / webmail 0.3.1 0.3.1.x
roundcube / webmail 0.5 0.5.x
roundcube / webmail 0.2.1 0.2.1.x
roundcube / webmail 0.8.4 0.8.4.x
roundcube / webmail 0.3-stable 0.3-stable.x