Roundcube Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-5382)
Description
program/steps/addressbook/photo.inc in Roundcube Webmail before 1.0.6 and 1.1.x before 1.1.2 allows remote authenticated users to read arbitrary files via the _alt parameter when uploading a vCard.