Debian: 2787-1: roundcube: design error

Posted by Ridcully on Oct 29, 2013 12:48 AM EDT; By Benjamin D. Thomas

It was discovered that roundcube, a skinnable AJAX-based webmail solution for IMAP servers, does not properly sanitize the _session parameter in steps/utils/ when saving preferences. The vulnerability can be exploited to overwrite configuration settings, subsequently allowing random file access, manipulated SQL queries and even code execution.


» Read more about: Story Type: Security; Groups: Debian
