module
Roundcube TimeZone Authenticated File Disclosure
| Disclosed |
|---|
| Nov 9, 2017 |
Disclosed
Nov 9, 2017
Description
Roundcube Webmail allows unauthorized access to arbitrary files on the host's filesystem, including configuration files.
This affects all versions from 1.1.0 through version 1.3.2. The attacker must be able to authenticate at the target system
with a valid username/password as the attack requires an active session.
Tested against version 1.3.2
This affects all versions from 1.1.0 through version 1.3.2. The attacker must be able to authenticate at the target system
with a valid username/password as the attack requires an active session.
Tested against version 1.3.2
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.