|
|||
Rule General Information |
---|
Release Date: | 2021-04-01 | |
Rule Name: | Roundcube Webmail Code Execution Vulnerability (CVE-2008-5619) | |
Severity: | ||
CVE ID: | ||
Rule Protection Details |
---|
Description: | html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMailer before 5.2.10, RoundCube Webmail (roundcubemail) 0.2-1.alpha and 0.2-3.beta, Mahara, and AtMail Open 1.03, allows remote attackers to execute arbitrary code via crafted input that is processed by the preg_replace function with the eval switch. | |
Impact: | An attacker can execute arbitrary code via a successful exploit in the context of the vulnerable software. | |
Affected OS: | Windows, Linux, Others | |
Reference: | ExploitDB:7549 http://mahara.org/interaction/forum/topic.php?id=533 http://sourceforge.net/forum/forum.php?forum_id=898542 http://trac.roundcube.net/changeset/2148 |
|
Solutions |
---|
The vendor has released upgrade patches to fix vulnerabilities, please visit: http://security.ubuntu.com/ubuntu/pool/main/m/moodle/moodle_1.8.2-1.2ubuntu2.1_all.deb |