Roundcube virtualmin privilege escalation (CVE-2017-8114)

Disclosed: 2019-11-12 23:48:02 By ilsani To ibb

Medium

Vulnerability Details

# Description *Password* plugin in its virtualmin driver allows to an attacker, that has a valid username/password to login in his web panel, to execute malicious inputs. This could allow to an attacker to reset victim's password and in some scenarios getting a system shell. # CVE CVE-2017-8114 # Details - https://roundcube.net/news/2017/04/28/security-updates-1.2.5-1.1.9-and-1.0.11 - ████ - https://nvd.nist.gov/vuln/detail/CVE-2017-8114

Actions

View on HackerOne

Report Stats

Report ID: 242119
State: Closed
Substate: resolved
Upvotes: 2

Roundcube virtualmin privilege escalation (CVE-2017-8114)

Vulnerability Details

Actions

Report Stats

Share this report