Vulnerabilities > Roundcube > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-19 | CVE-2021-44026 | SQL Injection vulnerability in multiple products Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potential SQL injection via search or search_params. | 9.8 |
| 2017-01-30 | CVE-2015-2180 | Injection vulnerability in Roundcube Webmail The DBMail driver in the Password plugin in Roundcube before 1.1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the password. | 9.0 |
| 2008-12-17 | CVE-2008-5619 | Code Injection vulnerability in Roundcube Webmail 0.2.1/0.2.3 html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMailer before 5.2.10, RoundCube Webmail (roundcubemail) 0.2-1.alpha and 0.2-3.beta, Mahara, and AtMail Open 1.03, allows remote attackers to execute arbitrary code via crafted input that is processed by the preg_replace function with the eval switch. | 10.0 |