10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.862 High
EPSS
Percentile
98.6%
html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMailer before 5.2.10, RoundCube Webmail (roundcubemail) 0.2-1.alpha and 0.2-3.beta, Mahara, and AtMail Open 1.03, allows remote attackers to execute arbitrary code via crafted input that is processed by the preg_replace function with the eval switch.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | roundcube | < 0.1.1-9 | roundcube_0.1.1-9_all.deb |
Debian | 11 | all | roundcube | < 0.1.1-9 | roundcube_0.1.1-9_all.deb |
Debian | 999 | all | roundcube | < 0.1.1-9 | roundcube_0.1.1-9_all.deb |
Debian | 13 | all | roundcube | < 0.1.1-9 | roundcube_0.1.1-9_all.deb |