VYPR
Medium severity6.5NVD Advisory· Published May 23, 2017· Updated Jun 17, 2026

CVE-2015-5382

CVE-2015-5382

Description

program/steps/addressbook/photo.inc in Roundcube Webmail before 1.0.6 and 1.1.x before 1.1.2 allows remote authenticated users to read arbitrary files via the _alt parameter when uploading a vCard.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

6
  • Roundcube/Webmail5 versions
    cpe:2.3:a:roundcube:roundcube_webmail:*:*:*:*:*:*:*:*+ 4 more
    • cpe:2.3:a:roundcube:roundcube_webmail:*:*:*:*:*:*:*:*range: <=1.0.5
    • cpe:2.3:a:roundcube:roundcube_webmail:1.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:1.1:beta:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:1.1:rc:*:*:*:*:*:*
  • Range: <1.0.6, <1.1.2

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.