POC详情: b6fe7f624a83769d63ef4f71f97d30f18256947a

来源
https://github.com/mbadanoiu/CVE-2020-12641
关联漏洞
标题: Roundcube Webmail 操作系统命令注入漏洞 (CVE-2020-12641)
描述:Roundcube Webmail是一款基于浏览器的开源IMAP客户端,它支持地址薄管理、信息搜索、拼写检查等。 Roundcube Webmail 1.4.4 版本之前版本中的 rcube_image.php 文件存在操作系统命令注入漏洞。攻击者可借助 shell 元字符利用该漏洞执行任意代码。
描述
CVE-2020-12641: Command Injection via “_im_convert_path” Parameter in Roundcube Webmail
介绍
# CVE-2020-12641: Command Injection via “_im_convert_path” Parameter in Roundcube Webmail

A Command Injection vulnerability exists in Roundcube versions before 1.4.4, 1.3.11 and 1.2.10.

Because the "_im_convert_path" does not perform sanitization/input filtering, an attacker with access to the Roundcube Installer can inject system commands in this parameter that will execute when any user opens any email containing a "non-standard" image.

### Vendor Disclosure:

The vendor's disclosure and fix for this vulnerability can be found [here](https://roundcube.net/news/2020/04/29/security-updates-1.4.4-1.3.11-and-1.2.10).

### Requirements:

This vulnerability requires:
<br/>
- Access to the Roundcube Webmail installer component
- Waiting for a Roundcube user to open an email containg a non-standard image

### Proof Of Concept:

More details and the exploitation process can be found in this [PDF](https://github.com/mbadanoiu/CVE-2020-12641/blob/main/Roundcube%20Disclosures%20-%20CVE-2020-12641.pdf).
文件快照

 [4.0K]  /data/pocs/b6fe7f624a83769d63ef4f71f97d30f18256947a
├── [1015]  README.md
└── [370K]  Roundcube Disclosures - CVE-2020-12641.pdf

0 directories, 2 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。