VDB

GCVE-110-MAGEIA-2016-430

GCVE-110-MAGEIA-2016-430
Advisory Published
Vulnetix · Advisory published December 29, 2016
Users can execute commands on the server by writing e-mails, due to insufficient sanitation of the from field when calling PHP's mail() function (CVE-2016-9920). Note that only roundcubemail installations that don't have an SMTP server configured for mail delivery are affected.

Affected Products

VendorProductVersionsPlatforms
Mageiaroundcubemail0 (affected), 1.0.9-1.1.mga5 (unaffected)

Browse GCVE Records

73,834 records in the GCVE database · Updated July 19, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›