Description
Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 on Windows allows command injection via im_convert_path and im_identify_path. NOTE: this issue exists because of an incomplete fix for CVE-2020-12641.
Remediation
References
Related Vulnerabilities
WordPress Plugin Slimstat Analytics Cross-Site Scripting (0.9.2)
Jenkins Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2023-27901)
Oracle Database Server CVE-2024-21233 Vulnerability (CVE-2024-21233)
Oracle JRE CVE-2013-1478 Vulnerability (CVE-2013-1478)
WordPress Plugin WooCommerce Save For Later Cart Enhancement PHP Object Injection (1.0.6)