Posts by author: Robin Peraglie

Roundcube 1.2.2: Command Execution via Email

10 min read, 6 Dec 2016, by Robin Peraglie

Roundcube is widely distributed open-source webmail software used by many organizations and companies around the globe. In this post, we show how a malicious user can remotely execute arbitrary commands on the underlying operating system, simply by writing an email in Roundcube 1.2.2 (>= 1.0). This vulnerability is highly critical because all default installations are affected.