Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Roundcube Exposure of Sensitive Information to an Unauthorized Actor Vulnerability - CVE-2015-5382 - Vulnerability Database
Roundcube

Roundcube Exposure of Sensitive Information to an Unauthorized Actor Vulnerability - CVE-2015-5382

Medium
Reference: CVE-2015-5382
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2015-5382
Title: Roundcube Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
Overview:

program/steps/addressbook/photo.inc in Roundcube Webmail before 1.0.6 and 1.1.x before 1.1.2 allows remote authenticated users to read arbitrary files via the _alt parameter when uploading a vCard.