Arbitrary Command Execution in Roundcube Password Plugin
CVE-2015-2180 · HIGH Severity
AV:N/AC:L/AU:S/C:C/I:C/A:C
The DBMail driver in the Password plugin in Roundcube before 1.1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the password.
Learn more about our Web Application Penetration Testing UK.