E18-0ql21
CVSS:
8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
False Positive:
t
Variants:
1
Year:
2018
Description
This strike exploits a command injection vulnerability in the Roundcube Webmail.
This vulnerability is due to improper handling of the HTTP parameter when a client sends http traffic to the server.
A remote attacker can trigger this vulnerability by enticing an authenticated user to visit a crafted page, which sends a request to the target server. This results in arbitrary IMAP injection on the target device.