CVE-2015-5382

Published: 2017-05-23T04:29Z

Last Modified: 2024-11-21T02:32Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

program/steps/addressbook/photo.inc in Roundcube Webmail before 1.0.6 and 1.1.x before 1.1.2 allows remote authenticated users to read arbitrary files via the _alt parameter when uploading a vCard. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt