Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Directory traversal vulnerability in the set_skin function in program/include/rcmail_output_html.php in Roundcube before 1.0.8 and 1.1.x before 1.1.4 allows remote authenticated users with certain permissions to read arbitrary files or possibly execute arbitrary code via a .. (dot dot) in the _skin parameter to index.php.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
RoundCube Webmail 目录遍历漏洞
Vulnerability Description
RoundCube Webmail是一款基于浏览器的IMAP客户端(邮件客户端),它支持地址薄管理、信息搜索、拼写检查等。 RoundCube Webmail 1.0.8之前版本和1.1.4之前1.1.x版本的program/include/rcmail_output_html.php文件中的‘set_skin’函数存在目录遍历漏洞,该漏洞源于index.php脚本没有充分过滤‘_skin’参数。远程攻击者可借助目录遍历字符‘..’利用该漏洞以特定的权限读取任意文件,或执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A