CVE-2020-12640: Local PHP File Inclusion via "Plugin Value" in Roundcube Webmail
CVE-2020-12640: Local PHP File Inclusion via "Plugin Value" in Roundcube Webmail A Path Traversal vulnerability exists in Roundcube versions before 144, 1311 and 1210 Because the "_plugins_<PLUGIN_NAME>" parameters do not perform sanitization/input filtering, an attacker with access to the Roundcube Installer can leverage a path traversa