CVE-2020-12641: Command Injection via “_im_convert_path” Parameter in Roundcube Webmail
CVE-2020-12641: Command Injection via “_im_convert_path” Parameter in Roundcube Webmail A Command Injection vulnerability exists in Roundcube versions before 144, 1311 and 1210 Because the "_im_convert_path" does not perform sanitization/input filtering, an attacker with access to the Roundcube Installer can inject system commands in this parameter