Arbitrary Command Execution in Roundcube Password Plugin

Arbitrary Command Execution in Roundcube Password Plugin

CVE-2015-2180 · HIGH Severity

AV:N/AC:L/AU:S/C:C/I:C/A:C

The DBMail driver in the Password plugin in Roundcube before 1.1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the password.

Learn more about our Web Application Penetration Testing UK.