Roundcube Webmail Vulnerability Allows Hackers to Execute Malicious SQL Queries
ID: ef65bfda-29a2-536b-97ff-77749ec7ef0e
STIX ID: report--ef65bfda-29a2-536b-97ff-77749ec7ef0e
Feed Name: GBHackers
Roundcube Webmail released critical security updates (1.6.16 and 1.7.1) that address a pre-auth SQL injection in the virtuser_query plugin, along with multiple injection, XSS, SSRF, CSS injection, remote resource bypass, and pre-auth arbitrary file deletion vulnerabilities. Administrators are urged to upgrade immediately, disable unnecessary plugins (e.g., virtuser_query), review logs, and enforce stricter access controls.
