CVSSv3: 8.8

CVE-2018-9846

Published: 07/04/2018 Updated: 07/11/2023
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

In Roundcube from versions 1.2.0 to 1.3.5, with the archive plugin enabled and configured, it's possible to exploit the unsanitized, user-controlled "_uid" parameter (in an archive.php _task=mail&_mbox=INBOX&_action=plugin.move2archive request) to perform an MX (IMAP) injection attack by placing an IMAP command after a %0d%0a sequence. NOTE: this is less easily exploitable in 1.3.4 and later because of a Same Origin Policy protection mechanism.

Vulnerable Products

roundcube webmail

debian debian linux 9.0

Vendor Advisories

Debian Bug report logs - #895184 roundcube: CVE-2018-9846: check_request() bypass in archive plugin Package: src:roundcube; Maintainer for src:roundcube is Debian Roundcube Maintainers <pkg-roundcube-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Sun, 8 Apr 2018 08:3 ...

Github Repositories

Vulnerability Management API search for exploits and CVEs in json

Read the up to date information at: watchers.firosolutions.com/apidoc Description: JSON REST API for viewing watcher and vulnerability data. URL: api.firosolutions.com. Vulns.firosolutions.com is a web UI using this API. Endpoints: /timesearch Description: search within a time frame. Sample code: >>> imp