关联漏洞
Description
CVE-2020-12640: Local PHP File Inclusion via "Plugin Value" in Roundcube Webmail
介绍
# CVE-2020-12640: Local PHP File Inclusion via "Plugin Value" in Roundcube Webmail
A Path Traversal vulnerability exists in Roundcube versions before 1.4.4, 1.3.11 and 1.2.10.
Because the "\_plugins\_<PLUGIN_NAME>" parameters do not perform sanitization/input filtering, an attacker with access to the Roundcube Installer can leverage a path traversal vulnerability to include arbitrary PHP files on the local system.
### Vendor Disclosure:
The vendor's disclosure and fix for this vulnerability can be found [here](https://roundcube.net/news/2020/04/29/security-updates-1.4.4-1.3.11-and-1.2.10).
### Requirements:
This vulnerability requires:
<br/>
- Access to the Roundcube Webmail installer component
- Write access to the target's filesystem
### Proof Of Concept:
More details and the exploitation process can be found in this [PDF](https://github.com/mbadanoiu/CVE-2020-12640/blob/main/Roundcube%20Disclosures%20-%20CVE-2020-12640.pdf).
文件快照
[4.0K] /data/pocs/a697e77ff8e4f74d8a1b533fea6f3e45d85ff75d
├── [ 950] README.md
└── [221K] Roundcube Disclosures - CVE-2020-12640.pdf
0 directories, 2 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮件到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对 POC 代码进行快照,为了长期维护,请考虑为本地 POC 付费/捐赠,感谢您的支持。