CVE CVE-2013-1904 Mappings

Absolute path traversal vulnerability in steps/mail/ in Roundcube Webmail before 0.7.3 and 0.8.x before 0.8.6 allows remote attackers to read arbitrary files via a full pathname in the _value parameter for the generic_message_footer setting in a save-perf action to index.php, as exploited in the wild in March 2013.


Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
CVE-2013-1904 n/a uncategorized T1190 Exploit Public-Facing Application
CVE-2013-1904 n/a uncategorized T1083 File and Directory Discovery