mirror of
https://github.com/0xMarcio/cve.git
synced 2026-05-09 02:45:46 +02:00
0xMarcio
724 B
724 B
CVE-2019-12938
Description
The Roundcube component of Analogic Poste.io 2.1.6 uses .htaccess to protect the logs/ folder, which is effective with the Apache HTTP Server but is ineffective with nginx. Attackers can read logs via the webmail/logs/sendmail URI.
POC
Reference
Github
No PoCs found on GitHub currently.