CVE-2015-2180
published 2017-01-30


Priority: P261, high, 8.8 (CVSS 3.0)
Vector: AV:N / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:H
EPSS: 4.71% (90.7th percentile)
The DBMail driver in the Password plugin in Roundcube before 1.1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the password.

Affected

2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | roundcube | < roundcube 1.1.1+dfsg.1-2 (bookworm) | roundcube 1.1.1+dfsg.1-2 (bookworm) |
| roundcube | webmail | <= 1.1 | |

Detection & IOCs (extracted from sources)

url: https://github.com/roundcube/roundcubemail/commit/7c96646de0efda16cded8491138bfefe31aca940
  • Monitor for shell metacharacters in password change requests targeting the Roundcube Password plugin's DBMail driver, which can lead to arbitrary OS command execution with root privileges.
  • Alert on Roundcube Password plugin DBMail driver usage where the new password field contains shell metacharacters (e.g., ;, |, &, $, `).
  • Flag Roundcube instances running versions before 1.1.0 (or Debian package before 1.1.1+dfsg.1-2) with the Password plugin and DBMail driver enabled as vulnerable.
  • The Password plugin (and its DBMail driver) is disabled by default in Roundcube; exploitation requires the plugin to be explicitly enabled by an administrator.
  • Exploitation also requires the attacker to be an authenticated Roundcube user, limiting exposure to credentialed attackers.

CVSS provenance

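| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 8.8 | HIGH | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 9.0 | CRITICAL | AV:N/AC:L/Au:S/C:C/I:C/A:C |
| osv | | 8.8 | HIGH | |
| vendor_debian | | 8.8 | HIGH | |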