program/steps/addressbook/photo.inc in Roundcube Webmail prior to 1.0.6 and 1.1.x prior to 1.1.2 allows remote authenticated users to read arbitrary files via the _alt parameter when uploading a vCard.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
roundcube roundcube webmail |
||
roundcube roundcube webmail 1.1.1 |
||
roundcube webmail 1.1 |