Description
Roundcube Webmail before 1.4.4 allows attackers to include local files and execute code via directory traversal in a plugin name to rcube_plugin_api.php.
Remediation
References
Related Vulnerabilities
WordPress Plugin WP Cerber Security, Anti-spam & Malware Scan Security Bypass (9.3.2)
Jenkins Observable Differences in Behavior to Error Inputs Vulnerability (CVE-2020-2101)
PHP Improper Input Validation Vulnerability (CVE-2012-0831)
WordPress Plugin WP Simple Cart Arbitrary File Upload (1.0.15)
Sqlite Incorrect Conversion between Numeric Types Vulnerability (CVE-2019-19317)