Description
rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting for im_convert_path or im_identify_path.
Remediation
References
Related Vulnerabilities
MySQL CVE-2021-35648 Vulnerability (CVE-2021-35648)
Atlassian Jira CVE-2018-5231 Vulnerability (CVE-2018-5231)
Magento Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-7929)
Apache HTTP Server Other Vulnerability (CVE-1999-0067)
WordPress Plugin iThemes Security (formerly Better WP Security) Security Bypass (5.3.0)