Description

Roundcube Webmail 1.1.x before 1.1.2 allows remote attackers to obtain sensitive information by reading files in the (1) config, (2) temp, or (3) logs directory.

Remediation

References

CVE-2015-5383

Related Vulnerabilities

WordPress Plugin WPCB Cross-Site Scripting (2.4.8)

WordPress Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2017-14719)

SugarCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14974)

PHP Configuration Vulnerability (CVE-2008-5844)

WordPress Plugin Simple Banner Cross-Site Scripting (2.10.3)

Severity

High

Classification

CVE-2015-5383 CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities