RoundCube Webmail *bin/html2text.php* PHP Code Execution

Posted on Monday, December 15, 2008 @ 11:40:01 CST in Security
by Raven

SECUNIA ADVISORY ID: SA33169
VERIFY ADVISORY: http://secunia.com/advisories/33169/
CRITICAL: Highly critical
IMPACT: System access
SOFTWARE: RoundCube Webmail 0.x - http://secunia.com/advisories/product/19066/
DESCRIPTION: A vulnerability has been discovered in RoundCube Webmail, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is confirmed in version 0.2-beta.

The vulnerability is caused by the use of the vulnerable "chuggnutt.com HTML to Plain Text Conversion PHP class", which can be exploited by sending specially crafted POST data to the bin/html2text.php script. For more information, see SA33145.
SOLUTION: Fixed in the SVN repository. http://trac.roundcube.net/changeset/2148
PROVIDED AND/OR DISCOVERED BY: Reported in a bug by RealMurphy. http://trac.roundcube.net/ticket/1485618
ORIGINAL ADVISORY: http://trac.roundcube.net/ticket/1485618
OTHER REFERENCES: SA33145: http://secunia.com/advisories/33145/
 
 