roundcube webmail Alpha, with a default high verbose...
Moderate severity
Unreviewed
Published
May 1, 2022
to the GitHub Advisory Database
•
Updated Jan 30, 2023
Description
Published by the National Vulnerability Database
Dec 20, 2005
Published to the GitHub Advisory Database
May 1, 2022
Last updated
Jan 30, 2023
roundcube webmail Alpha, with a default high verbose level ($rcmail_config['debug_level'] = 1), allows remote attackers to obtain the full path of the application via an invalid_task parameter, which leaks the path in an error message.
References