THREATINT

We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Fathom (Privacy friendly web analytics)
Zendesk (Helpdesk and Chat)

Ok

Home | EN
Support
CVE
PUBLISHED

CVE-2024-37385

Assignermitre
Updated2024-06-07

Description

Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 on Windows allows command injection via im_convert_path and im_identify_path. NOTE: this issue exists because of an incomplete fix for CVE-2020-12641.

References

https://github.com/roundcube/roundcubemail/releases/tag/1.6.7

https://github.com/roundcube/roundcubemail/releases/tag/1.5.7

https://github.com/roundcube/roundcubemail/commit/5ea9f37ce39374b6124586c0590fec7015d35d7f

cve.org CVE-2024-37385

nvd.nist.gov CVE-2024-37385

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-37385
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
© Copyright 2024 THREATINT. Made in Cyprus with +