mirror of
https://github.com/0xMarcio/cve.git
synced 2026-06-03 08:48:00 +02:00
0xMarcio
1.1 KiB
1.1 KiB
CVE-2020-12641
Description
rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting for im_convert_path or im_identify_path.
POC
Reference
- https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-12641-Command%20Injection-Roundcube
- https://github.com/roundcube/roundcubemail/releases/tag/1.4.4
Github
- https://github.com/ARPSyndicate/cve-scores
- https://github.com/Ostorlab/KEV
- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
- https://github.com/koorchik/dissert
- https://github.com/koorchik/llm-analysis-of-text-data
- https://github.com/mbadanoiu/CVE-2020-12641
- https://github.com/mbadanoiu/MAL-004
- https://github.com/nomi-sec/PoC-in-GitHub