|
|
|||
| Rule General Information |
|---|
| Release Date: | 2021-04-01 | |
| Rule Name: | Roundcube Webmail Code Execution Vulnerability (CVE-2008-5619) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMailer before 5.2.10, RoundCube Webmail (roundcubemail) 0.2-1.alpha and 0.2-3.beta, Mahara, and AtMail Open 1.03, allows remote attackers to execute arbitrary code via crafted input that is processed by the preg_replace function with the eval switch. | |
| Impact: | An attacker can execute arbitrary code via a successful exploit in the context of the vulnerable software. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | ExploitDB:7549 http://mahara.org/interaction/forum/topic.php?id=533 http://sourceforge.net/forum/forum.php?forum_id=898542 http://trac.roundcube.net/changeset/2148 |
|
| Solutions |
|---|
| The vendor has released upgrade patches to fix vulnerabilities, please visit: http://security.ubuntu.com/ubuntu/pool/main/m/moodle/moodle_1.8.2-1.2ubuntu2.1_all.deb |