🕵️ CVE-2024-37385 | Roundcube Webmail up to 1.5.6/1.6.6 on Windows Incomplete Fix CVE-2020-12641 im_convert_path/im_identify_path command injection
Nachrichtenbereich: 🕵️ Sicherheitslücken
🔗 Quelle: vuldb.com
A vulnerability was found in Roundcube Webmail up to 1.5.6/1.6.6 on Windows. It has been declared as critical. Affected by this vulnerability is the function im_convert_path/im_identify_path
of the component Incomplete Fix CVE-2020-12641. The manipulation leads to command injection.
This vulnerability is known as CVE-2024-37385. The attack needs to be approached within the local network. There is no exploit available.
It is recommended to upgrade the affected component. ...