Description
rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting for im_convert_path or im_identify_path.
Remediation
References
Related Vulnerabilities
WordPress Plugin Downloads Manager 'upload.php' Arbitrary File Upload (0.2)
PHP Out-of-bounds Write Vulnerability (CVE-2017-9228)
Internet Information Services Other Vulnerability (CVE-2000-0246)
Oracle JRE CVE-2018-2588 Vulnerability (CVE-2018-2588)
Moodle Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2014-0213)