NVD

Id
28844  
Name
CVE-2015-8794  
Description
Absolute path traversal vulnerability in program/steps/addressbook/photo.inc in Roundcube before 1.0.6 and 1.1.x before 1.1.2 allows remote authenticated users to read arbitrary files via a full pathname in the _alt parameter, related to contact photo handling.  
Reject
 
CVSS Version
2  
CVSS Score
4  
Severity
Medium  
CVSS Base Score
4  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
8  
CVSS Vector
(AV:N/AC:L/Au:S/C:P/I:N/A:N)  
Pub Date
2017-01-19  
Published
2016-01-29  
Modified Date
2016-02-25  
Seq
2015-8794  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
151943 28844 CVE-2015-8794 http://trac.roundcube.net/changeset/6ccd4c54b/github  View
151944 28844 CVE-2015-8794 http://trac.roundcube.net/changeset/e84fafcec/github  View
151945 28844 CVE-2015-8794 http://trac.roundcube.net/ticket/1490379  View
151946 28844 CVE-2015-8794 https://roundcube.net/news/2015/06/05/updates-1.1.2-and-1.0.6-released/  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
11569 JVNDB-2015-006889 Roundcube の program/steps/addressbook/photo.inc における絶対パストラバーサルの脆弱性 Roundcube の program/steps/addressbook/photo.inc には、連絡先の写真の取り扱いに関する処理に不備があるため、絶対パストラバーサルの脆弱性が存在します。 CVE-2015-8794 86019 CVE-2015-8794 28844 4 http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-006889.html 2015-06-05 2016-02-26 View