Skip to content
/ CVE-2020-12640 Public

CVE-2020-12640: Local PHP File Inclusion via "Plugin Value" in Roundcube Webmail

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

mbadanoiu/CVE-2020-12640

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
README.md
README.md
 
 
Roundcube Disclosures - CVE-2020-12640.pdf
Roundcube Disclosures - CVE-2020-12640.pdf
 
 

Repository files navigation

CVE-2020-12640: Local PHP File Inclusion via "Plugin Value" in Roundcube Webmail

A Path Traversal vulnerability exists in Roundcube versions before 1.4.4, 1.3.11 and 1.2.10.

Because the "_plugins_<PLUGIN_NAME>" parameters do not perform sanitization/input filtering, an attacker with access to the Roundcube Installer can leverage a path traversal vulnerability to include arbitrary PHP files on the local system.

Vendor Disclosure:

The vendor's disclosure and fix for this vulnerability can be found here.

Requirements:

This vulnerability requires:

  • Access to the Roundcube Webmail installer component
  • Write access to the target's filesystem

Proof Of Concept:

More details and the exploitation process can be found in this PDF.

About

CVE-2020-12640: Local PHP File Inclusion via "Plugin Value" in Roundcube Webmail

Topics

cve local-file-inclusion path-traversal cves 0-day cve-2020-12640

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository