CVE-2020-12641
Roundcube Webmail Remote Code Execution Vulnerability
CVSS
—
Sin CVSS
EPSS
84.5%
p100
KEV
SÍ
22 jun 2023
Exploit Today
80
0-100
Publicado: — · Última mod.: —
84.5%EPSS · 30 días84.5%
2026-06-302026-07-16
Producto
Roundcube / Roundcube Webmail
Vulnerabilidad
Roundcube Webmail Remote Code Execution Vulnerability
Añadido a KEV
22 jun 2023
Remediar antes de
13 jul 2023
Uso conocido en ransomware
No
Descripción resumida
Roundcube Webmail contains an remote code execution vulnerability that allows attackers to execute code via shell metacharacters in a configuration setting for im_convert_path or im_identify_path.
Acción requerida
Apply updates per vendor instructions.
Notas
https://roundcube.net/news/2020/04/29/security-updates-1.4.4-1.3.11-and-1.2.10; https://nvd.nist.gov/vuln/detail/CVE-2020-12641