Entreprise d'experts en Sécurité Informatique : Audits et conseils en cybersécurité
Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com


CVE-2020-12641

Description

rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting for im_convert_path or im_identify_path.

POC

Reference

- https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-12641-Command%20Injection-Roundcube

- https://github.com/roundcube/roundcubemail/releases/tag/1.4.4

Github

- https://github.com/ARPSyndicate/cve-scores

- https://github.com/Ostorlab/KEV

- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors

- https://github.com/koorchik/dissert

- https://github.com/koorchik/llm-analysis-of-text-data

- https://github.com/mbadanoiu/CVE-2020-12641

- https://github.com/mbadanoiu/MAL-004

- https://github.com/nomi-sec/PoC-in-GitHub